Posts

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud

Due to the highly classified nature of the information they handle, Federal agencies have been among the last to move their workloads to the cloud. But with guidance such as the U.S. White House’s Executive Order on Improving the Nation’s Cybersecurity, which directs the Federal government to accelerate movement to secure cloud services, and technology such as AWS GovCloud and SonicWall NSv Series virtual firewall, the flexibility and scalability of cloud solutions is now available to government customers as well.

What is AWS GovCloud?

The AWS GovCloud is an isolated AWS region that meets the regulatory and compliance requirements of government agencies. AWS GovCloud (U.S.) are isolated AWS regions designed to allow U.S. government agencies to move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements, including Federal Risk and Authorization Management Program (FedRAMP) High, Department of Defense Security Requirements Guide (DoD SRG) Impact Level 5, and Criminal Justice Services (CJIS).

To assist customers in managing their obligations under U.S. export control regimes such as the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR), AWS GovCloud (U.S.) is logically and physically administered exclusively by U.S. citizens.

To secure the workloads that contain all categories of Controlled Unclassified Information (CUI) data and government-oriented, publicly available data in the AWS GovCloud (U.S.) Region, SonicWall’s NSv Series virtual firewalls provides the same security features in AWS GovCloud as on the standard AWS public cloud. Through this partnership, SonicWall is extending the protection of mission-critical government workloads with virtual security products optimized for AWS.

What is SonicWall NSv virtual firewall?

SonicWall’s NSv Series virtual firewalls provide all the security advantages of a physical firewall, plus all the operational and economic benefits of the cloud — including system scalability and agility, speed of system provisioning, simple management, and cost reduction.

NSv delivers full-featured security tools including VPN, IPS, application control and URL filtering. These capabilities shield all critical components of the private/public cloud environments from resource misuse attacks, cross-virtual-machine attacks, side-channel attacks, and common network-based exploits and threats.

Users can login to their AWS GovCloud console in U.S.-West and U.S.-East regions using BYOL (Bring Your Own Licenses) and deploy NSv on AWS GovCloud.

Summary

Most Federal customers are moving their datacenters away from traditional on-premises deployments and to the cloud. It is imperative that security teams provide the same level of security for government cloud server instances as they have been doing for on-premises physical servers. A next-generation firewall with advanced security services like Real-Time Deep Memory Inspection (RTDMI™), IPS and application control is the first step to securing cloud instances against cyber threats.

In addition to security features, it also important to choose a firewall that provides the right level of performance needed for a given cloud workload. SonicWall NSv series offers a variety of models with performance levels suited to any size of cloud deployment, with all the necessary security features enabled. To learn more about how SonicWall NSv Series excels in AWS environments, click here.

SonicWall’s Multi-Cloud Offering Extends to Hyper-V Private Clouds with Flexible Licensing

Technology and data usage are changing at a rapid pace. Finding a way to store, manage and distribute data is a major challenge. Plus, the need for compute and storage grows at unprecedented rates. You need to buy racks, then hire staff to configure, maintain and monitor appliances.

It’s a no-brainer that cloud adoption is becoming inevitable.

According to a recent study by RightScale, more than 81 percent of enterprises have a multi-cloud strategy in place. Of this group, 51 percent have embraced hybrid cloud environments, while 21 percent use multiple public clouds and 10 percent have various private cloud strategies.

Cloud adoption drives business growth by increasing agility and innovation, while reducing cost. According to Gartner, by 2020 a “No-Cloud” policy will be as rare as a “No-Internet” policy is today. So, you can imagine the importance of secure cloud adoption. It is the future.

Private Cloud Security from SonicWall

In line with this, SonicWall continues to expand its cloud offering with added support of the Microsoft Hyper-V platform on SonicWall Network Security virtual (NSv) firewall series, along with new flexible licensing options. SonicWall also recently announced support for AWS* and Azure platforms.

Hyper-V support is available across the full suite of NSv firewalls. The flexible licensing model introduces a non-perpetual method of licensing your firewalls. Securing data wherever it resides should be consistent and seamless, providing you increased flexibility and an improved security posture.

Do I Need Virtual Firewalls?

While securing the cloud is a must, it is not an easy task. Gartner predicts that through 2020, 95 percent of cloud security failures will be the customer’s fault. And according to Research and Markets, the cloud data center market is expected to reach $67.5 billion by 2023.

With the widespread adoption of virtualization, it becomes increasingly critical to secure workloads and data across your multi-cloud deployment. Virtual firewalls can be deployed quickly, driving productivity and innovation. By being virtual, there is a huge benefit of shifting from CapEx to OpEx models.

Virtual firewalls, like NSv, address some of the critical needs of public cloud security. Below are some of the key benefits of leveraging NSv to protect your public cloud infrastructure and resources.

  • Gain complete visibility into virtual environment for threat prevention
  • Implement proper security zoning and ensure appropriate placement of policies
  • Defend against zero-day vulnerabilities with SonicWall Capture ATP
  • Prevent service disruptions in the virtual ecosystem
  • Gain centralized control and visibility with single-pane-of-glass management via Capture Security Center
  • Leverage agility and scalability without performance impact
  • Maintain security governance, compliance and risk management

Plus, as the threat landscape evolves and takes advantage of various vulnerabilities in the cloud and virtual workloads, it is essential to secure cloud infrastructure. Some of the common type of attacks include cross-virtual machine attacks and side-channel attacks, like PortSmash and Foreshadow.

Virtual firewalls can be used to defend against information threats and protect against unauthorized takeover of virtual machines (VMs). It can provide security at every level of the virtual environment, providing granular security posture control.

What Cloud Platforms do SonicWall Virtual Firewalls Support?

With NSv virtual firewalls you can leverage next-gen firewall capabilities across your multi-cloud deployments. Platform support currently extends to ESXi, Azure, AWS* and Hyper-V*.

How Can I Purchase NSv?

Previously, NSv was available only via perpetual licensing. To solve the challenge of relying just on perpetual model licensing and provide flexibility to our customers, SonicWall introduces non-perpetual licensing for NSv. This is an additional offering to the current SonicWall perpetual licensing model.

SonicWall licensing models provide customers the flexibility to choose perpetual licensing or non-perpetual licensing based on their requirements.

Non-Perpetual Licensing Model

Non-perpetual licensing is ideal for those who require a short-term solution and agile deployments. It’s a single bundle for firewall software, security and support services, making it simple to purchase these appliances. Once the period ends, all services expire at the same time. Customers are notified via MySonicWall before service expiration.

The non-perpetual licensing model is available via the three options: IPS/App Control Subscription, TotalSecure Subscription and TotalSecure Advanced Subscription, which is available over a one-year period.

Service Offering Type Bundled Service
IPS/App Control Subscription NSv Software + IPS + App Control + Support
TotalSecure Subscription NSv Software + CGSS + Support + CSC
TotalSecure Advanced Subscription NSv Software + AGSS + Support + CSC

Perpetual Licensing Model

Perpetual licensing is SonicWall’s traditional licensing model where firewall services do not expire, while security and support services do. Perpetual licensing is suitable to customers that require long-term solutions.

Virtual Firewall Promo: NSa/NSsp with NSv

The SonicWall NSv promo enables organizations to extend the next-gen security of their private data center to the public cloud and ensure end-to-end security of their multi-cloud environment.

Organizations can test drive SonicWall virtual firewalls at no additional cost or commitment to see if it fits their needs and requirements.

  • Test drive an NSv with a TotalSecure subscription for one year at no additional cost
  • Get an NSv TotalSecure subscription with Comprehensive Gateway Security Service (CGSS), Capture Security Center and 24×7 support
  • Requires eligible SonicWall NSa or NSsp firewall with an active AGSS/CGSS subscription
  • Deploy NSv firewalls across public and private cloud platforms, including ESXi, Azure, AWS* and Hyper-V*

To take advantage of the SonicWall NSv virtual firewall promo, please contact your dedicated SonicWall SecureFirst partner or reach out to SonicWall online.

What to Look for in a Next-Gen Virtual Firewall

To best capitalize on virtualization trends, IT must operationalize the complete virtualization of computing, networking, storage and security in a systematic way. A new approach is required to select an appropriate and effective next-generation virtual firewall solution. Download our exclusive brief to explore fundamental capabilities, core solution requirements and best practices.

* Hyper-V and AWS availability pending.

SonicWall Extends Next-Generation Firewalls to Public Cloud Deployments, Including AWS and Azure

Attacks on public cloud infrastructures increase every day.

“We are in the third era of computing — the cloud and mobile era — but security considerations on cloud are still not widely understood,” said Mark Russinovich, CTO of Microsoft Azure. “It is important to address the public cloud security concerns to facilitate its adoption.”

In this third era, securing the public cloud is critical. According to IDC, 83 percent of workloads are virtualized today, and 60 percent of large enterprises run virtual machines (VM) in the public cloud. With the rapid pace of cloud transformation, securing workloads in the cloud becomes challenging.

SonicWall takes on this challenge and extends the security of the private cloud to public clouds with SonicWall Network Security virtual (NSv) firewall series. In addition to public and private cloud security, NSv can also provide end-to-end security for multi-cloud deployments.

Cloud technology provides greater agility, scalability and infrastructure consistency, improving business efficiency. Public cloud environments supported by SonicWall NSv includes Amazon Web Services (AWS)* and Microsoft Azure.

True Next-Generation Virtual Firewall Series

SonicWall NSv series brings industry-leading next-generation firewall (NGFW) capabilities, such as application intelligence and control, real-time monitoring, IPS, TLS/SSL decryption and inspection, advanced threat protection, VPN and network segmentation capabilities, to protect your AWS and Azure environments.

NSv supports all security and networking features similar to SonicWall next-gen hardware firewall appliances, including our patented Reassembly-Free Deep Packet Inspection (RFDPI) technology and award-winning Capture Advanced Threat Protection (ATP) sandbox with Real-Time Deep Memory Inspection (RTDMI) to stop both known and unknown (e.g., zero day) cyberattacks.

You can gain complete visibility and control of your traffic across multiple virtual private cloud (VPC) and virtual networks (VN), plus provide seamless security and management capabilities with a single-pane-of-glass experience. With NSv, you can take advantage of agility, scalability, high-performance, lower operational cost, quick time-to-deployment and drive innovation.

The public platform support is available across multiple NSv models, such as NSv 200/400/800/1600. Based on the fully-featured SonicOS 6.5.0, NSv makes the move to the cloud easier and safer.

Protect Public Cloud Data, Applications with SonicWall NSv

NSv addresses some of the critical needs of public cloud security. Below are some of the key benefits of leveraging NSv to protect your public cloud infrastructure and resources.

  • Gain complete visibility into virtual environment for threat prevention
  • Implement proper security zoning and ensure appropriate placement of policies
  • Defend against zero-day vulnerabilities with SonicWall Capture ATP
  • Prevent service disruptions in the virtual ecosystem
  • Gain centralized control and visibility with single-pane-of-glass management via Capture Security Center
  • Leverage agility and scalability without performance impact
  • Maintain security governance, compliance and risk management

SonicWall NSv can be deployed in a variety of use cases including the ones below:

  • Internet gateway for ingress/egress traffic protection
  • Lateral protection of east-west traffic
  • Site-to-site VPN deployment
  • Secure end-to-end remote access
  • Multi-cloud secure connectivity

Why Choose SonicWall NSv?

In addition to the various key benefits in leveraging NSv, below are some additional reasons why you should choose NSv as the security of choice in the public cloud.

  • Patented technologies like RTDMI, RFDPI and more
  • Robust products with over 26 years of award-winning technological innovation
  • Powerful security, powered by SonicWall next-generation firewall capabilities, now extending to the cloud

* AWS availability date pending.

Try SonicWall NSv for Azure

SonicWall NSv is currently available for Azure public cloud environments. Visit the Azure Marketplace to gain next-generation security for your most sensitive Azure workloads.

New Virtual Firewalls: SonicWall NSv Provides Robust Security for Public, Private or Hybrid Cloud Environments

To keep pace with innovations and modernize data center operations and services, businesses are embracing today’s application-centric, virtualized world. Virtualization and cloud can cut costs and increase efficiency and operational agility.

Four common pitfalls of modern virtual environments

However, advantages in savings and efficiency must be weighed against applying constrained budgets to prevent potential damages due to growing threats and common pitfalls. Vulnerabilities within virtual environments are well-documented. New ones are discovered regularly that yield serious security implications and challenges. Common IT challenges in securing virtualized environments include:

  1. Monitoring and securing traffic between virtual machines
  2. Managing policy change across virtual environments
  3. Tracking and controlling the sprawl of virtual machines
  4. Protecting virtualized assets in public cloud environments

What you need in a next-generation virtual firewall

To best capitalize on virtualization trends, you should operationalize the complete virtualization of computing, networking, storage and security in a systematic way. Implement a new approach for selecting an appropriate and effective next-generation virtual firewall solution. You should explore new virtual security solutions that go beyond legacy approaches and technologies. Plus, solution components must be tightly integrated to deliver application services safely, efficiently and in a scalable manner.

A next-generation virtual firewall must offer all the security advantages of your physical firewall, along with the operational and economic benefits of virtualization. These include system scalability and agility, speed of system provisioning, simple management and cost reduction.

Introducing the SonicWall NSv virtual firewall series

The new SonicWall NSv virtual firewall series offers you all the security advantages of a physical firewall with the operational and economic benefits of virtualization. With full-featured security tools and services including Reassembly-Free Deep Packet Inspection (RFDPI), security controls and networking services equivalent to what a SonicWall physical firewall provides, NSv effectively shields all critical components of your private and public cloud environments.

NSv is easily deployed and provisioned in a multi-tenant virtual environment, typically between virtual networks (VN). This allows it to capture communications and data exchanges between virtual machines (VM) for automated breach prevention, while establishing stringent access control measures for data confidentiality and VMs safety and integrity.

The NSv Series also includes infrastructure support for high availability and scaling to fulfill any Software-Defined Data Center (SDDC) scalability and availability requirements. NSv virtual firewalls help ensure:

  • System resiliency
  • Operational uptime
  • Service delivery and availability
  • Conformance to regulatory requirements

Security threats, such as cross-virtual-machine or side-channel attacks and common network-based intrusions and application and protocol vulnerabilities, are neutralized successfully through SonicWall’s comprehensive suite of security inspection services.

All VM traffic is subjected to multiple threat analysis engines, including intrusion prevention, gateway anti-virus and anti-spyware, cloud anti-virus, botnet filtering, application control and Capture Advanced Threat Protection multi-engine sandboxing.

The NSv Series is available in multiple virtual flavors carefully packaged for broad range of virtualized and cloud deployment use cases. Delivering multi-gigabit threat prevention and encrypted traffic inspection performance, the NSv Series can adapt to capacity-level increases and ensure VN safety and application workloads and data assets are available as well as secure.

Segmentation security

With NSv segment-based security capabilities, NSv can apply an integrated set of dynamic, enforceable barriers to advanced threats. By applying security policies to the inside of the VN, segmentation can be configured to organize network resources into different segments, and allow or restrict traffic between those segments. This way, access to critical internal resources can be strictly controlled.

NSv can then automatically enforce segmentation restrictions based upon dynamic criteria, such as user identity credentials, geo-IP location and the security stature of mobile endpoints.

For extended security, NSv is also capable of integrating multi-gigabit network switching into its security segment policy and enforcement. It directs segment policy to traffic at switching points throughout the network, and globally manages segment security enforcement from a single pane of glass.

Since segments are only as effective as the security that can be enforced between them, NSv applies intrusion prevention service (IPS) to scan incoming and outgoing traffic on the VLAN segment to enhance security for internal network traffic. For each segment, it enforces a full range of security services on multiple interfaces based on enforceable policy.

Governs centrally

NSv deployments are centrally managed using both on premise with SonicWall GMS, and with SonicWall Capture Security Center, an open, scalable cloud security management, monitoring, reporting and analytics software that is delivered as a cost-effective service offering.

The SonicWall Capture Security Center gives the ultimate in visibility, agility and capacity to govern the entire SonicWall virtual and physical firewall ecosystem with greater clarity, precision, and speed — all from a single-pane-of-glass.

For more information, visit our NSv web page, and watch the video below.