Siloed solutions can’t keep up with modern cybersecurity needs. The future demands an integrated, holistic solution that maximizes security, visibility and agility.
No matter what security philosophy your organization adopts, it’s critical that individual solutions are working together to deliver layered protection and comprehensive visibility with control. In other words, to achieve a fortified security posture, a combination of hardware, software and network security components must be integrated intrinsically.
This blog series looks at different layers of SonicWall’s Boundless Cybersecurity, breaking down how each component is designed to seamlessly fit with the others for a tighter approach to deploying, managing and securing your environment.
Let’s start with the key benefits of leveraging a more holistic and intrinsic approach to securing your organization:
- End-to-end visibility and the ability to share intelligence across the unified security framework
- The contextual awareness needed to detect and remediate security risks with greater speed and accuracy
- The real-time and consolidated threat information that forms the basis of informed security policy decisions
While there are a number of benefits to choosing this approach, it’s important to note that it requires a security ecosystem that harnesses the power, agility and scalability of the cloud. That’s why SonicWall’s Capture Cloud Platform is the bedrock of Boundless Security — unifying and orchestrating cybersecurity across network, email, endpoint and cloud security offerings.
How SonicWall endpoint security and network security work seamlessly together
Now that we’ve outlined both the importance of a true integrated security posture and the key platform requirements, let’s take a quick look at how unified network and endpoint security work together.
In addition to protection-enhancing benefits like greater visibility and control, this approach also builds resistance by ensuring your endpoint security solution doesn’t leave you vulnerable to threats that infect your network.
Leveraging SonicWall next-generation firewalls (NGFW) together with Capture Client ensures endpoints and users are protected against threats and growing threat vectors. When integration is enabled, endpoints are detected on the network by the SonicWall enforcement service. Through this service, the firewall in turn checks the endpoints to make sure the Capture Client agent is deployed. If Capture Client is not installed, the endpoint’s access to the network is restricted.
This integration also enables sharing of user and device telemetry from the endpoints, enabling network threat alerts well as enforcement of deep packet inspection of encrypted traffic (DPI-SSL) by deploying trusted certificates to each endpoint.
Key features when integrating SonicWall Capture Client and SonicWall Firewalls
Here are the key features that enable an integrated means of managing, monitoring and protecting your systems:
- Endpoint Security Enforcement – Endpoints behind the firewall that do not have Capture Client running will not be able to access internet-based services via the firewall. Users of these endpoints will be prompted to download and install Capture Client via a Block page in their browser to regain connectivity to the internet.
- User Visibility and Single Sign-On (SSO) – The IP addresses of endpoints behind the firewall are automatically mapped to the user logged into the endpoints at that time. This is used for user activity reporting, as well as single sign-on (SSO) to the firewall for user-based access policies.
- Network Threat Alerts – Endpoints running Capture Client that trigger threat detections on the firewall by the GAV, IPS, App Control or Botnet engines will see a notification on their endpoint.
- Enabling DPI-SSL – Certificate Provisioning can become a very cumbersome task and can hamper operational efficiency. With Capture Client Trusted Certificate Policies, administrators can enforce the installation of SSL certificates that will be used to inspect encrypted traffic to and from endpoints using the DPI-SSL feature.
These integrated features are only supported on Gen 7 firewalls and pre-Gen 7 firewalls running at least SonicOS 6.5.4, and will require some actions from the administrator. Check out this demo to see these features in action and learn how to set up and configure your SonicWall NGFW to integrate with SonicWall Capture Client.
There isn’t one single product or solution that provides an effective defense-in-depth strategy by itself. That’s why security and IT teams rely on multiple tools to ensure protection from threats and hackers. But managing multiple security solutions can be challenging and can result in silos — which can lead to gaps in your security posture.
To stay ahead and build resilience, your security tools have to be able to detect threats, respond efficiently and share information on emerging threats. These integrated tools autonomously detect threats and defend your network against new cyberattack methods. Modern security tools share threat information collected and analyzed locally, allowing an endpoint security tool to communicate to network security tools about an identified threat and vice versa. By receiving and giving information about the new threat, tools can use shared data to create security policies to protect your system against identified threats.