SonicWall Named Silver Partner of the Year by CDW Canada

SonicWall is proud to announce that it recently won the Silver Partner of the Year Award from CDW Canada.

At the March 22 virtual ceremony, SonicWall was chosen from among four finalists, a list that also included Juniper Networks, Okta and NVIDIA.

“In a truly tumultuous year, SonicWall played an integral role supporting CDW’s goal of putting our customers at the center of everything we do,” said Ginette Adragna, vice president and general manager for CDW Canada. “The ongoing and meaningful collaboration between our two great organizations played a crucial role in 2020, and we look forward to building on this relationship to best serve our Canadian customers in 2021 and beyond.”

The Partner of the Year Awards are selected based on input and recommendations from CDW Canada’s sales, product and partner management, marketing, and finance teams. The selected brands are evaluated based on their ability to demonstrate outstanding leadership and provide excellent service to CDW Canada’s coworkers and customers.

CDW Canada is a leading multi-brand technology solutions provider for government, education, healthcare and business organizations. CDW Canada helps customers meet their goals by delivering integrated technology solutions and services to help customers navigate an increasingly complex IT market and maximize the return on their technology investment. The company is focused on software, networking, unified communications, data center and mobility solutions.

CDW Canada is on the Channel Daily News Top 100 Solutions Providers list, and is a wholly owned subsidiary of Vernon Hills, Illinois-based CDW Corporation, a Fortune 500 company.

Expanding the Trophy Case: SonicWall Attains 5-Star Rating in 2021 CRN Partner Program Guide

Only three months into the start of a new year, SonicWall has now claimed its 18th industry-recognized accolade. The SonicWall SecureFirst partner program has received a 5-star rating in the 2021 CRN Partner Program Guide.

The honor is awarded to an exclusive group of companies that offer solution providers the best of the best, going above and beyond in their partner programs. This annual guide provides a conclusive list of the most distinguished partner programs from leading technology companies that provide products and services through the IT channel.

“At SonicWall, we listen,” said HoJin Kim, SonicWall SVP, Worldwide Channel, North American Sales. “We work incredibly hard to provide partners with everything they need in order to not only meet their yearly objectives, but exceed them. We hope to see our partners increase their use of partner playbooks and marketing campaigns in the new year and ingrain themselves in our partner community.”

The SonicWall SecureFirst program was modified this year to make it more inclusive of registered partners. Changes include acceptance of third-party certifications for the silver tier to recognize the rise of industry talent. The continuing education requirement was also reduced to allow more flexibility with enablement requirements, as was the number of gold partners to strengthen the program and partner relationships.

“As innovation continues to fuel the speed and intricacy of technology, solution providers need partners that can keep up and support their developing business,” said Blaine Raddon, CEO of The Channel Company. “CRN’s 2021 Partner Program Guide gives insight into the strengths of each organization’s program to recognize those that continually support and push positive change inside the IT channel.”

Given the importance of IT vendor channel programs, each year CRN develops its Partner Program Guide to provide the channel community with a detailed look at the partner programs offered by IT manufacturers, software developers, service companies and distributors. Vendors are scored based on investments in program offerings, partner profitability, partner training, education and support, marketing programs and resources, sales support, and communication.

In addition to its 5-star rating, SonicWall’s Bob VanKirk, HoJin Kim and Dave Bankemper were recently named to the annual CRN 2021 Channel Chiefs List, which recognizes leading IT channel vendor executives who continually demonstrate outstanding leadership, influence, innovation and growth. In March, the company was included on the outlet’s list of Top 100 Security Companies and took home 10 Globee® Awards in the 17th Annual 2021 Cybersecurity Global Excellence Awards®.

If you’re interested in more information on becoming a SonicWall partner, please visit, www.sonicwall.com/partners/become-a-partner.

Does Your Network Need a Watchman?

So, you’ve decided to open a bar. You hire the best decorator, purchase the best selection of bottles imaginable, and hire the best bartender you can find. The bar opens to rave reviews, and instantly becomes the hottest spot in town.

Within a month, it’s closed. As it turns out, allowing just anybody in—or out—isn’t sound business practice.

That goes double for cybersecurity. Imagine if your business was content having no visibility into a common source of problems and noncompliance. Unfortunately, this may already be the case, as many businesses still do not make inspecting encrypted traffic a priority.

First of all, let’s explore what encrypted threats are: In simple terms, SSL (Secure Sockets Layer) can create an encrypted tunnel for securing data over an internet connection. TLS (Transport Layer Security) is a newer, more secure version of SSL.

While TLS and SSL provide legitimate security benefits for web sessions and internet connections, cybercriminals are increasingly using these encryption standards to hide malware, ransomware, zero-day and more. Today, an estimated 35% of threats are encrypted — and that number is on the rise (Source: Gartner).

Unfortunately, there’s a fear of complexity and a general lack of awareness around the need to responsibly inspect SSL and TLS traffic — particularly using deep packet inspection (DPI) — for malicious cyberattacks. This attitude is especially dangerous because traditional security controls lack the capability or processing power to detect, inspect and mitigate cyberattacks sent via HTTPS traffic.

In the case of our theoretical bar, hiring a watchman would have made all the difference in continuing to be successful, and having to shut down (or being shut down) due to insufficient or nonexistent control over traffic. Similarly, as the rate of encrypted threats continues to rise, examining encrypted traffic could make the difference between recognizing and blocking a threat, and being forced to pick up the pieces after a successful cyberattack.

Imagine your bar had a dress code. Regardless of whether that dress code mandated fashionable club wear or a jacket and tie, without a watchman or doorperson, there’s nothing to enforce it. Worse, with no one to check coats, you never know who might be wearing a hockey jersey or a crass political T-shirt under their khaki trench coat.

The interplay between content filtering solutions and encrypted traffic is similar. With 80 to 90 percent of traffic now coming over encrypted connections using HTTPS, your content filtering solutions become completely inaccurate (Source: Google Transparency Report). They have a limited efficiency when it comes to identifying the destination webpage and deciding how to deal with potential threats. And without the ability to see what’s going on below the surface, you’re in danger of threats sneaking past.

Similarly, sandboxing solutions are of limited usefulness when it comes to encrypted threats. If a cybercriminal manages to establish an encrypted connection between the threat actor controller and an endpoint, they could transfer files back and forth—including additional malware. In most cases, organizations have a single sandboxing solution which is capable of scanning all files and ensuring they’re non-malicious before allowing them.

But if communication is encrypted, the sandboxing solution is rendered useless because you’re unable to capture the files traveling between a CC and the endpoint. The solution sees encrypted traffic happening between two IPs but have no visibility into what’s going on.

In the example of our watchman, think of him as a seasoned professional. He’s got a mental list of troublemakers 20 years in the making and can spot one a mile away. But without someone at the door to recognize those who become a danger to themselves and others, they can walk right in—and to someone whose job isn’t spotting these sorts of troublemakers, they’re just another patron until it’s too late.

Sometimes it’s not just about what’s going into the bar (or network)—it’s also about what’s leaving.  Many security solutions are designed for data loss prevention, but encryption has the ability to hide this entirely. This allows malicious actors (from inside or outside the organization) to steal private or confidential data without anyone noticing, and then once they have enough to blackmail you, they will often deploy ransomware.

Unfortunately, normal gateway appliances without decryption available/turned on have no visibility into this traffic. And the risks extend beyond trojans, ransomware and malware—such data exfiltration could also put you out of compliance with regulations like HIPAA, PCI or GDPR, inviting stiff fines.

Did your bar close because patrons got caught leaving with drinks or employees were witnessed sneaking bottles out in a handbag? That isn’t just illegal for them—it’s illegal for you, too. And sometimes the penalties for lack of compliance, whether that’s local ordinances for pubs or national compliance regulations for large organizations, can threaten or even close businesses.

In both cases, the answer is the same: a fearless and effective defender who’s smart enough to know who to let in and who to keep out—and the muscle to back it up without creating a bottleneck at the door.

To find out more about what you need to do to inspect your organization’s encrypted traffic, click here to register for the latest Mindhunter webinar: “Does Your Network Need a watchman?” on April 20, at 10 a.m. GMT

La vostra rete ha bisogno di un buttafuori?

Finalmente avete deciso di aprire un cocktail bar. Trovate il miglior arredatore di interni, acquistate la migliore selezione di vini e liquori e assumete il miglior barman che riuscite a trovare. Nel giro di poco tempo tutti parlano del vostro cocktail bar, che diventa il locale più di tendenza della città.

Ma dopo un mese, il locale chiude. A quanto pare, la decisione di far entrare – o uscire – chiunque non è stata una buona idea.

Lo stesso vale per la cybersecurity. Immaginate cosa potrebbe accadere se la vostra azienda non fosse a conoscenza di un certo problema o non conformità interna. Purtroppo questo accade già molto spesso, in quanto l’ispezione del traffico crittografato non viene considerata una priorità da molte aziende.

Ma prima di tutto chiariamo cosa sono le minacce crittografate: in poche parole, l’SSL (Secure Sockets Layer) può creare un tunnel crittografato per proteggere i dati in una connessione internet. Il protocollo TLS (Transport Layer Security) è una versione più recente e più sicura dell’SSL.

Mentre TLS e SSL offrono evidenti vantaggi in termini di sicurezza per le sessioni web e le connessioni internet, i cybercriminali utilizzano sempre più spesso questi standard di crittografia per nascondere malware, ransomware, zero-day e altre minacce. Secondo alcune stime il 35% delle minacce attuali sono crittografate, e questa tendenza è in crescita (fonte: Gartner).

Purtroppo esiste un certo timore verso la complessità e una generale mancanza di consapevolezza sull’importanza di ispezionare a fondo il traffico SSL e TLS, in particolare con l’ispezione approfondita dei pacchetti (DPI), per rilevare attacchi informatici dannosi. Questo atteggiamento è particolarmente rischioso, perché i controlli di sicurezza tradizionali non hanno le capacità o la potenza di elaborazione per rilevare, ispezionare e mitigare i cyber attacchi sferrati attraverso il traffico HTTPS.

Nel caso del nostro cocktail bar teorico, la presenza di un buttafuori avrebbe fatto la differenza tra il continuare un’attività di successo e il dover chiudere a causa di un controllo insufficiente o inesistente del traffico. Allo stesso modo, visto il continuo aumento del numero di minacce crittografate, l’ispezione del traffico crittografato può fare la differenza tra il riconoscere e bloccare per tempo una minaccia e il dover rimediare ai danni subiti dopo un cyber attacco andato a buon fine.

Supponiamo ora che il vostro cocktail bar abbia un dress code. Indipendentemente dal codice di abbigliamento che decidete di adottare, senza un controllo all’ingresso non c’è modo di applicarlo. Inoltre, se nessuno si occupa del guardaroba, non si può mai sapere se sotto una giacca elegante un ospite indossa una maglia da calcio o una t-shirt con slogan offensivi.

L’interazione tra le soluzioni di filtraggio dei contenuti e il traffico crittografato funziona in modo simile. Con l’80-90% del traffico proveniente da connessioni crittografate con HTTPS, le soluzioni di filtraggio dei contenuti non sono in grado di fornire un’ispezione accurata (fonte: Rapporto sulla trasparenza di Google). Quando si tratta di identificare la pagina web di destinazione e di decidere come gestire potenziali minacce, queste soluzioni hanno un’efficienza limitata. E senza la capacità di vedere cosa succede sotto la superficie, aumenta il pericolo che le minacce passino inosservate.

In modo analogo, le soluzioni di sandboxing non sono particolarmente utili nel caso delle minacce crittografate. Se un cybercriminale riesce a stabilire una connessione crittografata con un endpoint, potrebbe essere in grado di trasferire anche file e malware di vario tipo. La maggior parte delle aziende utilizza un’unica soluzione di sandboxing che scansiona tutti i file e verifica che non siano dannosi prima di consentirne l’accesso.

Ma se la comunicazione è crittografata, la sandbox diventa inutile perché non è in grado di riconoscere i file trasmessi tra un CC e l’endpoint. La soluzione vede semplicemente che due indirizzi IP si scambiano traffico crittografato, ma non ha alcuna visibilità sul loro contenuto.

Nell’esempio del nostro buttafuori, sappiamo che è un professionista esperto. Si ricorda di tutti gli attaccabrighe degli ultimi 20 anni e li riconosce lontano un chilometro. Ma se alla porta non c’è nessuno in grado di riconoscere chi può essere un pericolo per se e per gli altri, queste persone possono entrare tranquillamente e nessuno se ne rende conto finché non sarà troppo tardi.

A volte il problema non riguarda solo chi entra nel locale (o nella rete), ma anche ciò che esce.  Molte soluzioni di sicurezza sono progettate per prevenire la perdita di dati, ma la crittografia ha la capacità di nascondere completamente i dati. In questo modo gli utenti malintenzionati (all’interno o all’esterno dell’azienda) possono rubare dati privati o riservati senza che nessuno se ne accorga e, una volta raccolti dati a sufficienza, spesso utilizzano un ransomware per ricattare l’azienda.

Purtroppo, i comuni gateway senza decrittografia disponibile/attivata non hanno alcuna visibilità su questo traffico. I rischi non si limitano a trojan, ransomware e malware: un’esfiltrazione di dati di questo tipo può anche mettere a rischio la conformità a normative come GDPR, HIPAA o PCI, esponendo l’azienda a multe severe.

Il vostro locale ha dovuto chiudere perché alcuni clienti sono stati sorpresi a uscire con dei drink o i dipendenti hanno trafugato alcune bottiglie? Si tratta di un’azione illegale non solo per loro, ma anche per voi. A volte le sanzioni per la mancanza di conformità, che si tratti di ordinanze locali per locali notturni o di normative di conformità nazionali per le grandi organizzazioni, possono mettere a rischio o addirittura portare alla chiusura delle aziende.

In entrambi i casi, la soluzione è la stessa: ci vuole un addetto alla sicurezza imperterrito, efficace e sufficientemente esperto da sapere chi lasciare entrare e chi no – il tutto con l’abilità necessaria per non creare code all’ingresso.

Per scoprire cosa vi serve per ispezionare il traffico crittografato della vostra azienda, registratevi al nuovo webinar di Mindhunter: “La vostra rete ha bisogno di un buttafuori?”, che si terrà il 23 aprile alle ore 14:00 CET

Cybersecurity News & Trends

This week — with higher education institutions and electricity companies on high alert, and with the Microsoft Exchange server crisis raging on — it’s no wonder 82% say cyberterrorism is America’s top potential threat.


SonicWall in the News

IoT malware attacks saw a huge rise last year — Techradar

  • As the number of consumer-oriented IoT devices grows, data from SonicWall’s 2021 Cyber Threat Report suggests, IoT malware has been on the rise.

Phishing Email Warning Shows Cybercriminals Seizing on Tax Filing Delay, Vaccine Rollout Gallery — Channel Futures

  • Dmitriy Ayrapetov explains how bad actors are targeting vaccine distribution and takes a closer look at the threats caused by the remote workforce.

ICYMI: Our Channel News Roundup For the Week of March 15 — ChannelPro Network

  • SonicWall’s 2021 Cyber Threat Report was included in ChannelPro Network’s weekly news roundup.

India Saw Largest Spike In Malware Attacks In 2020: Report — ET CISO

A Pandemic Of Email Scams — Financial Times

  • SonicWall recently reported a 62% increase in ransomware attacks last year and a 74% increase in malware variants.

New SonicWall 2020 Research Shows Cyber Arms Race At Tipping Point — CIO Review India

  • This article spotlights SonicWall’s 2021 Cyber Threat Report.

Industry News

Lawmakers reintroduce legislation to secure internet-connected devices — The Hill

  • The Cyber Shield Act would create a voluntary cybersecurity certification program for IoT devices.

Ransomware operators are piling on already hacked Exchange servers — Ars Technica

  • The fallout from the Microsoft Exchange server crisis isn’t abating just yet.

Purple Fox Malware Targets Windows Machines With New Worm Capabilities — Threat Post

  • A new infection vector from the established malware puts internet-facing Windows systems at risk from SMB password brute-forcing.

Thousands of Exchange servers breached prior to patching, CISA boss says — Cyberscoop

  • A U.S. government cybersecurity official has warned organizations not to have a false sense of security when it comes to vulnerabilities in Microsoft Exchange Server software, noting that “thousands” of computer servers with updated software had already been breached.

Covid-19: Vaccines and vaccine passports being sold on darknet — BBC

  • Researchers say they have seen a “sharp increase” in vaccine-related darknet adverts, while the BBC has been unable to determine whether the vaccines being sold there are real.

UK colleges and unis urged to prepare for ransomware before it’s too late — The Register

  • There’s been an uptick in attacks since schools reopened, warns National Cyber Security Centre

Electricity Distribution Systems at Increasing Risk of Cyberattacks, GAO Warns — Security Week

  • A newly published report form the U.S. Government Accountability Office describes the risks of cyberattacks on the electricity grid’s distribution systems, along with the scale of the potential impact of such attacks.

8 in 10 say cyberterrorism is top potential threat: Gallup — The Hill

  • According to the survey, 82% of respondents said cyberterrorism is a critical threat to the U.S.

TikTok Doesn’t Pose Overt U.S. National Security Threat, Researchers Say — The New York Times

  • A new study by university cybersecurity researchers found that the computer code underlying the TikTok app doesn’t pose an overt national security threat to the U.S.

Acer reportedly targeted with $50 million ransomware attack — ZDNet

  • The REvil ransomware gang has published various Acer documents, such as financial spreadsheets, bank balances and bank communications.

FBI warns of BEC attacks increasingly targeting US govt orgs — Bleeping Computer

  • The Federal Bureau of Investigation is warning U.S. private sector companies about an increase in business email compromise (BEC) attacks targeting state, local, tribal, and territorial (SLTT) government entities.

Microsoft Defender Antivirus now automatically mitigates Exchange Server vulnerabilities — ZDNet

  • Mitigation fixes will be applied automatically in a renewed effort by Microsoft to contain security incidents caused by the bugs.

SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests — ZDNet

  • Existing victim networks are used as a novel form of sandbox, as cybercriminals exploit them to test out payloads.

In Case You Missed It

Accelerated SonicWall Portfolio Expansion Delivers Enterprise-Grade Protection, Lower TCO

The last 12 months have been about acceleration — across all aspects of life. For the cybersecurity industry, that meant helping organizations and businesses quickly deploy secure remote workforces in a matter of weeks.

And while we accomplished those goals early on, the mission has now shifted to delivering more innovation around security, capacity, flexibility and cost savings in a remote-first world.

To keep that commitment, today we announce yet another expansion of our product portfolio with the all-new NSa 3700, a multi-gigabit next-generation firewall designed to thwart attacks targeting organizations in all industries. In addition to the NSa 3700 firewall, we’re also introducing several product updates that add more value, simplicity and versatility to our modern security and management offerings.

The expansion of the Capture Cloud platform includes:

  • SonicWall NSa 3700 — Our latest mid-range firewall expands threat protection with multi-gigabit security for retail, K-12 and secondary education, higher education, distributed enterprises, and government agencies. Powered by SonicOS 7.0, the new SonicWall NSa 3700 firewall delivers a modern UX/UI and advanced security controls, plus critical networking and management capabilities to increase visibility and help defend against today’s increasingly targeted attacks.
  • SonicWall CSa 1.2 — CSa’s newest update delivers advanced, closed-network threat protection for governments and compliance-conscious organizations using SonicWall Capture Security appliance (CSa) appliances. The SonicWall Capture Advanced Threat Protection (ATP) service with patented RTDMI™ can now be deployed without the need to connect to external resources, which is important for organizations operating air-gapped networks.
  • SonicWall Network Security Manager (NSM) 2.2 — Our cloud-native security management service includes new enhancements to usability, security and flexibility. This includes powerful capabilities around policy configuration, certificate management, two-factor authentication and more.
  • SonicWall Next-Gen Analytics 3.0 — The powerful analytics engine transforms threat data into defensive actions to address hidden risks across networks, applications and users. This helps organizations find threats up to 25% faster and mitigate suspicious behavior upon discovery.
  • SonicWall Wireless Network Manager (WNM) 3.5 — We’ve rebranded and reimagined our existing wireless security management solution to unify visibility and control. By combining SonicWall switches and SonicWave wireless access points into a single solution, it’s now easier than ever to securely monitor and manage both access points and switches — all from a single interface.
  • SonicWall Capture Client 3.6 — Our popular endpoint protection solution now includes support and compatibility for devices running Apple macOS Big Sur.

“These new and enhanced solutions offer organizations an elastic and scalable cloud model to enable leaders to close critical security gaps using robust, enterprise-grade threat protection with next-generation technology,” said SonicWall President and CEO Bill Conner in the official announcement. “As the cyber arms race continues to escalate, SonicWall looks to equip organizations with proven security at a low total cost of ownership and high security efficacy.”

To learn more about SonicWall’s new products and enhancements, review the official press announcement, contact a SonicWall security expert, or click the product names  for a closer look into each major new product.

Capture Client 3.6: Big Sur, But Safer

The release of Capture Client 3.6 is bringing the platform’s next-generation malware protection and application vulnerability intelligence to macOS Big Sur.

The update is still beneficial regardless of which OS you’re running, however— v.3.6 includes a number of bug fixes that improve user and management experience. The SonicWall team is already hard at work on v.3.7, which will take this commitment to user experience even further with a strong roadmap update.

Previously, the 3.5 release of Capture Client focused on improvements to our user interface and the addition of Global Operations, which is best suited for our MSSP partners. This release greatly improved the Global Dashboard and added Global Policies for use across tenants. For a more detailed look at the v.3.5 release, watch “How to Manage Global Multi-Tenant Operations and Policies with Capture Client 3.5.”

To learn more about how SonicWall Capture Client can help you stop attacks before they execute, manage multiple tenants with ease, and use advanced reporting to effortlessly understand your security posture, click here.

New SonicWall NSa 3700: The Latest Next-Generation Firewall for Medium Enterprises

Medium enterprises are increasingly faced with budget constraints and a shortage of cybersecurity experts among their IT staff. At the same time, network traffic continues to rise … as does the number of online transactions …  and the number of connected devices, including IoT devices.

This increase in new potential threat vectors has driven an increase in just about every form of attack, with emboldened cybercriminals launching increasingly sophisticated attacks such as zero-days and ransomware — many of which evade traditional perimeter defenses.

But despite this increase in risk, organizations are more reliant than ever on business continuity to ensure the continual availability of information and services provided across their network.

To meet these challenges, IT directors need a highly reliable next-generation firewall (NGFW) — one that can not only can scale to support millions of connections, but also scan them for threats over multi-gigabit speeds without compromising performance. It also must be cost-effective, easily manageable, and capable of handling high bandwidth and support multiple networks and clouds.

Introducing the SonicWall NSa 3700: A Generation 7 NGFW with high port density and low cost of ownership

The SonicWall Network Security Appliance (NSa) 3700 NGFW features high port density, including multiple 5 and 10 GbE ports. NSa 3700 protects mid-size networks with comprehensive integrated security services like malware analysis, encrypted traffic inspection, cloud application security and reputation services. It also supports centralized management with a truly intuitive single-user interface, significantly improving operational efficiency.

SonicWall NSa 3700 runs on the latest SonicOS 7.0.1 and includes advanced networking features such as HA/clustering, SD-WAN, dynamic routing, and virtual routing and forwarding. It combines validated security effectiveness and best-in-class price performance in a single rack unit appliance.

In short, medium enterprises can now get the performance, networking and security capabilities they need from their NGFWs without breaking the bank.

NSa 3700 Next-Generation Firewall Highlights

Appliance at a glance

The NSa 3700 is an energy-efficient, reliable appliance in a compact 1U chassis. Powered by the next-generation SonicOS 7.0.1 operating system, it is capable of processing millions of connections while delivering multi-gigabit threat prevention throughput. The following are a few high-level features that make NSa 3700 an attractive option for medium and distributed enterprises:

  • 24 x 1 GbE interfaces
  • 4 x 5 GbE interfaces
  • 6 x 10 GbE interfaces
  • 3.5 Gbps of threat prevention performance
  • 4.2 Gbps of application inspection performance
  • 2 million stateful and 750,00 DPI connections
  • 22,500 connections per second
  • Dedicated management port

Powered by the new SonicOS 7.0

The SonicWall NS3700 runs on SonicOS 7.0, a new operating system built from the ground up to deliver a modern user interface, intuitive workflows and user-first design principles. SonicOS 7.0 provides multiple features designed to facilitate enterprise-level workflows, easy configuration, and simplified and flexible management — all of which allow enterprises to improve both their security and operational efficiency.

SonicOS 7.0 features:

More details about the new SonicOS 7.0 can be found here.

NSa 3700 Deployment Options

SonicWall NSa 3700 has two main deployment options for medium and distributed enterprises:

Internet Edge Deployment

In this standard deployment option, SonicWall NSa 3700 protects private networks from malicious traffic coming from the Internet, allowing you to:

  • Deploy a proven NGFW solution with highest performance and port density (including 10 GbE connectivity) in its class
  • Gain visibility and inspect encrypted traffic, including TLS 1.3, to block evasive threats coming from the Internet — all without compromising performance
  • Protect your enterprise with integrated security, including malware analysis, cloud app security, URL filtering and reputation services

Medium and Distributed Enterprise Deployment

The SonicWall NS3700 supports SD-WAN and can be centrally managed, making it an ideal fit for medium and distributed enterprises. By leveraging NSa’s high port density, which includes 10 GbE connectivity, enterprises can support distributed branches and wide area networks. This deployment allows organizations to:

  • Provide direct, secure internet access to distributed branch offices instead of back-hauling through corporate headquarters
  • Allow distributed branch offices to securely access internal resources in corporate headquarters or in a public cloud, significantly improving application latency
  • Reduce complexity and improve operations by using a central management system, which is accessed through an intuitive, single-pane-of-glass user interface

Overall Solution Value

The new NSa 3700 offers enterprises a best-in-class next-generation firewall with high speed and port density, all at a lower total cost of ownership. With integrated security services like malware analysis, URL filtering and cloud application security, NSa 3700 delivers superb protection from advanced threats.

To learn more about the new Generation 7 NSa Series, watch the video or click here.

Announcing Wireless Network Manager for Unified Wired and Wireless Management

Wireless devices are driving digital transformation to the cloud. Today 94% of enterprises use the cloud, and 94% of SMBs report security benefits after moving to the cloud. And this year, worldwide wireless device adoption has exploded to 22 billion. As a result, securing and managing wireless networks has become more challenging.

SonicWall Wireless Network Manager provides integrated management of SonicWave Access Points and SonicWall Switches for unified visibility and control of wired and wireless networks. This cloud-based management solution is designed to be user-friendly while simplifying access, control and troubleshooting capabilities.

Single-Pane-of-Glass Management

Global networks can be managed easily from a single pane of glass with Wireless Network Manager — which is a part of the SonicWall Capture Security Center ecosystem. Being highly scalable, it is suitable for organizations of any size. Everything from single-site wireless deployments to vast enterprise networks can be easily overseen with the Wireless Network Manager.

Scalability and Unified Policy

This dashboard unifies multiple tenants, locations and zones while simultaneously supporting tens of thousands of SonicWave access points and SonicWall Switches. Create a unified wired and wireless policy at the tenant level and push that down to various locations and zones. Drill down on managed devices for more granular data. Receive firmware and security updates from the cloud automatically so that your devices are always up to date.

Reliable Operation

Since the Wireless Network Manager controls only the management plane functions of the access points and switches, internet outages do not impact their performance. Although there is a temporary loss in management capability, access points and switches continue to work seamlessly, ensuring business continuity.

Zero-Touch Deployment

The Zero-Touch Deployment (ZTD) feature of SonicWave access points and SonicWall Switches ensures that onboarding is automated and the network is up in minutes. Provisioning these devices is simple and can be done remotely, saving both time and money. Just register and onboard the devices from anywhere with the SonicExpress app — once the devices are connected and turned on, ZTD authenticates, associates and configures them automatically.

Advanced Analysis Tools

Once the access points are registered and onboarded and prior to access point deployment, performing a wireless site survey ensures increased workforce productivity. SonicWall WiFi Planner tool, which is available within Wireless Network Manager, is the ideal enablement tool to plan smarter and eliminate costly installation mistakes. This tool enables administrators to optimally plan and deploy a wireless network for enhanced WiFi user experience. Additionally, WNM’s Topology tool provides network topology maps and managed device statistics.

Lower TCO

Cloud-based WNM drives down total cost of ownership by shifting capital expenditures (CAPEX) to operating expense (OPEX). WNM cuts out the cost and maintenance of redundant hardware-based controllers and optimizes data center rack space, and its intuitive interface reduces training and administrative overhead costs.

Regardless of the size of your organization, SonicWall Wireless Network Manager offers unified visibility and control in a secure, Wi-Fi cloud-managed solution. To learn more, visit sonicwall.com/wnm

NSM On-Prem vs. NSM SaaS: Which Is Best for You?

SonicWall’s Network Security Manager (NSM) provides centralized management, 360-degree control and unparalleled visibility into network security infrastructures utilizing SonicWall Next-Generation Firewalls (NGFW).

NSM offers two deployment options: on cloud and on-prem. If you’re wondering which is the best fit for your environment, here are some factors to consider:

  • Understanding Your Business Needs: The emergence of cloud computing has allowed companies to shift the management and maintenance of their IT infrastructure to their cloud provider, thereby reducing their operational costs. SonicWall reduces your operational overhead in much the same way by hosting and maintaining the web-based NSM SaaS application on the cloud. NSM SaaS is a scalable, cloud-native offering that’s easy to deploy. It is ideal for the security needs of any business, particularly a small or medium-sized business, that wants to minimize their day-to-day IT costs and offload their operational and deployment challenges to SonicWall. But say you have a well-established IT infrastructure of your own and customization is key for you — for example, a managed security service provider (MSSPs) with a dedicated IT team to deploy, constantly monitor and maintain on-prem systems for clients. In that case, NSM on-prem would be the better choice. This option also offers full control over the scaling of your on-prem system to quickly facilitate on-demand growth.
  • Feature Parity: NSM SaaS and NSM on-prem use a unified code base — meaning you’ll get the same management capabilities on both. In other words, features like device groups, tenant management, user management, templates, commit and auditing workflow, etc., will be the same. But the NSM 2.2 release brings along a few more NSM on-prem-specific security and deployment features:
    • Closed Network Support: A closed network is a private network that is completely shut off from the outside environment and has no internet connectivity. NSM 2.2 helps preserve the privacy and security of closed networks by offering an airgap method for onboarding and licensing SonicWall firewall devices managed by NSM — meaning you won’t have to contact License Manager (LM) or MySonicWall.com (MSW).
    • User Access Controls: You can prevent unauthorized individuals from gaining access to your on-prem environment through enhanced security features. These include account lockout based on number of unsuccessful login attempts, two-factor authentications through Microsoft or Google authenticator apps, whitelisting IP addresses, and so on.
    • High Availability Support: To ensure there is no single point of failure and to provide uninterrupted access to NSM, the NSM 2.2 release lets users associate a secondary node to their primary node with similar settings.
    • Deployment Flexibility: NSM on-prem can now be deployed on Azure, KVM, ESXi and Hyper-V platforms. It requires a minimum system requirement of 16 GB RAM and 4 core CPU.
  • Licensing: Both NSM SaaS and NSM on-prem are based on subscription licensing models. NSM SaaS licensing depends on firewall type and has two available options, NSM Essentials and NSM Advanced. NSM Essentials offers full management capability with seven days of reporting, whereas NSM Advanced contains full management capability with 365 days of reporting and 30 days of Analytics. NSM on-prem licensing is node-based, with a base license of five nodes and add-on licenses. Currently, NSM on-prem has full management capabilities only. On-prem Analytics can be used as an add-on license for data reporting and analytics.

In summary, NSM on-prem is ideal for deployments requiring tighter system and data security controls, such as a closed network environment. But if you’re looking for on-demand scaling and a modern, cloud-native architecture, NSM SaaS is the best fit for you. Either way, you’ll get everything you need for comprehensive firewall management. And whatever you choose, you can rest assured that SonicWall is committed to providing you with impeccable support and a comprehensive feature set.