Upload
felicia-daniel
View
217
Download
0
Tags:
Embed Size (px)
Citation preview
Solutions Road Show 2014March’ 2014 | India
Protection from Next Gen Threats
Pralobh Menon
Sales Engineer DELL SonicWALL (South)
Pralobh MenonDell India Pvt Ltd
2Solutions Road Show 2014
March’ 2014 | IndiaConfidential
DELL SonicWALL solutions
1. Next Generation firewalls2. Secure Remote Access (SSL-VPN)3. Reporting & Management
3Solutions Road Show 2014
March’ 2014 | IndiaConfidential
MobileConnect
Secure remote access
Email security
Policy & management
Hosted
MobileConnect
Network security
Dell SonicWALL Product Portfolio
Clean wireless – SonicPoint-N Series WAN acceleration
4Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Dell SonicWALLFirewalls
5Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Dell SonicWALL NGFW lineup
SuperMassive E10800SuperMassive E10400SuperMassive E10200
SuperMassive 9600SuperMassive 9400SuperMassive 9200
SMB/campus/branch
Enterprise, data centerDell SonicWALL SuperMassive Series
NSA 6600NSA 5600NSA 4600
NSA 3600
NSA 2600NSA 250M/220
Dell SonicWALL NSA Series
TZ 215TZ 205TZ 105
Dell SonicWALL TZ Series
6Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Looking at the box - Front
7Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Looking at the box - Back
8
Network Traffic Visualization
Real-time Traffic BreakdownUser Traffic Consumption Identify P2P Traffic
Bandwidth BreakdownApp Traffic Drilldown
9Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Dell SonicWALL next-generation firewall
Unacceptable Apps
Acceptable Apps
Critical Apps
Malware Blocked
Application Chaos
Ingress
Reassembly-FreeDeep Packet Inspection
Egress
Cloud-BasedExtra-FirewallIntelligence
Users/Groups Policy
IdentifyBy Application - Not by Port & ProtocolBy User/Group-Not by IPBy Content Inspection-Not by Filename
CategorizeBy ApplicationBy Application CategoryBy DestinationBy ContentBy User/Group
ControlPrioritize Apps by PolicyManage Apps by PolicyBlock Apps by PolicyDetect and Block MalwareDetect & Prevent Intrusion Attempts
10Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Application Intelligence
11Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Advanced App Control
Application Library with over 4235
unique Application UsesGranular Control
Allow Facebook, Block BitTorrent
Allow Chat, Block File Transfer- Group/User Based- Schedule Based- Exceptions
12Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Geo-IP Filter
Confidential12
Block traffic from Hostile Countries
13Solutions Road Show 2014
March’ 2014 | IndiaConfidential
SonicWALL On-Board DPI Security Services
Intrusion PreventionGateway Anti-VirusGateway Anti-SpywareCloud-AVContent/URL FilteringDPI SSL (SSL Inspection)Application Intelligence & ControlApplication VisualizationComprehensive Anti-Spam
14Solutions Road Show 2014
March’ 2014 | IndiaConfidential
NGFW Wire & L2 Bridge Mode DeploymentNGFW insertion into a network with an existing gateway
firewall Layer 2 Bridge or Wire Mode Deployment
Discover application usage & threats leaking through the traditional firewall
Before After
15Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Next Generation Firewall (NGFW)
Breaks the malware cycle
Compromised “Good” Site
Malware Hosting Site
Page Visit
Malware Request
Exploit
Malware
SS
L D
ecry
pti
on
URL Filtering
Intrusion Preventi
on
Network Anti-Virus
Cloud Anti-Virus
Botnet Filtering
16Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Introducing the SuperMassive 9000 Series
Industry leading power, space, and
cooling all in an elegant 1 rack unit
design.
The NGFW specifically
engineered for 10Gb+ enterprise
networks.
Capable of scaling to meet the high DPI performance and low latency demands of the
world’s largest data centers and
carriers.
The NGFW is designed to deliver
deep security to your enterprise at
multi-gigabit speeds
Industry leading performance and PSC in an elegant, 1RU design
17Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Performance
• 9.7 Gbps IPS & Application Control• 20 Gbps Firewall Throughput• 5 Gbps Threat Prevention • 32x1.2 Ghz, 32 GB Ram
• 8 Gbps IPS & Application Control• 20 Gbps Firewall Throughput• 4.5 Gbps Threat Prevention• 32x1.2 Ghz, 16 GB Ram
• 5.0 Gbps IPS & Application Control• 10 Gbps Firewall Throughput• 3.5 Gbps Threat Prevention • 24x1.0 Ghz, 8 GB Ram
SuperMassive 9600
SuperMassive 9400
SuperMassive 9200
18Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Performance• 4.5 Gbps IPS & Application
Control• 12 Gbps Firewall Throughput• 3 Gbps DPI Throughput• 24 x 1Ghz, 4 GB RAM
• 3 Gbps IPS & Application Control• 9 Gbps Firewall Throughput• 1.6 Gbps DPI Throughput• 10 x 1.3Ghz, 4 GB RAM
• 2 Gbps IPS & Application Control• 6 Gbps Firewall Throughput• 800 Mbps DPI Throughput• 8 x 1.1Ghz, 2 GB RAM
• 1.1 Gbps IPS & Application Control
• 3.4 Gbps Firewall Throughput• 500 Mbps DPI Throughput• 6 x 800Mhz, 2 GB RAM
19Solutions Road Show 2014
March’ 2014 | IndiaConfidential
MulticoreE10200
E10400 E10800
24 Cores
48 Cores 96 Cores
20Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Top Deployments1. Traditional NAT Gateway with Security & Remote Access
2. High Availability Modes– Active/Passive with State Synchronization– Active/Active DPI with State Synchronization– Active/Active Clustering
3. In-Line Deployments: Wire mode or Layer 2 Bridge Mode, Tap Mode– Easy Network Insertion, no network re-numbering
4. “Clean Wireless” Deployment– Firewall as a wireless controller– DPI on all wireless traffic
5. “CleanVPN” Deployment– Firewall as a VPN Concentrator– DPI on all incoming VPN traffic
6. VPN Concentrator for Distributed Enterprise– Global Management System (GMS) to provision and manage branch offices– Connectivity through central SuperMassive or E-Class NSA firewall– All security done at the central site
7. Network Segmentation (Security Zones)– Network Segmentation via VLAN & Security Zones– Different Security policies for each Security Zone
21Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Flexible Wire Mode Deployment
Bypass Inspect Secure
Allows for the quick and relatively non interruptive introduction of SuperMassive into a network (ie: between a core switch and a perimeter firewall, in front of a VM server farm, at a transition point between data classification domains).
Inspect Mode provides full visibility & low-risk, zero-latency packet path.
Secure Mode is the progression of Inspect Mode, actively interposing active control into the packet processing path.
22Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Secure Remote Access
23Solutions Road Show 2014
March’ 2014 | IndiaConfidential
E-Class Secure Remote Access Series
Secure Remote Access Series
Dell SonicWALL Secure Remote Access
SRA EX7000 SRA EX6000 Virtual ApplianceSRA EX9000
Detect – granular end-point control detects identity and security state
Protect – unified policy limits user access to authorized applications only
Connect – smart access and tunneling ensure easy, secure access to all network resources
Secure remote access for all users, devices and applications
Connect Mobile
Spike License
Secure Virtual Assist
Advanced Reporting
Native Access Modules
Mobile Connect
End PointControl
SRA 1200 Virtual ApplianceSRA 4200
Secure Virtual Access
Web App Firewall
Secure Virtual Assist
Spike LicenseMobile Connect
End PointControl
Secure Virtual Meeting
24Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Internal Users
Perimeter is starting to Fade. Mobility trends are putting endpoints Increasingly Out of IT Control
Day Extenders
Home OfficeUsers
Traveling Executives
Kiosks/Public Machine Users
PDA & Smart Phone Users
Wireless LAN
Users
VOIP Users
Business Partners/ Extranet Users
Saas, Web 2.0 Real-Time Apps
25Solutions Road Show 2014
March’ 2014 | IndiaConfidential
The Dell SonicWALL Aventail approach to Secure Remote Access
Business Partner from any Browser
Customer/Supplier Behind a Firewall
Extranet Access
Internal Users
Internal Access
Dell SonicWALL SSL VPN SolutionTraveling
Employee
Day Extender
Employee at a Kiosk
Employee Using a Wireless Hotspot
Remote Access
Employee Smart Phones/ Tablets
Protect applications with granular access control based on user identity and device integrity
Detect what is running on the end point device
Connect users securely and easily to applications on any device
Connect
Web Apps
Client/Server Apps
File Shares
Databases
VoIP
VDI Infrastructure
ApplicationsDirectories
Corporate Perimeter
LDAP
AD
RADIUS
LDAP
Detect Protect Connect
26Solutions Road Show 2014
March’ 2014 | IndiaConfidential
WorkPlace access: Access to web-based and client/server applications from virtually any device.
Connect: Smart access to unmanaged devices
Welcome to the myCompany Remote Access Portal
27Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Detect: EPC for iOS/Android Devices
EPC options for iOS•Determine jailbreak status•DeviceID (Based on the UDID of the iOS device)
•Certificate enforcement•OS version control
EPC options for Android•Determine root status•DeviceID (Based on the IMEI of the Android device)
•Certificate enforcement•OS version control•Enforcement of anti-virus
28Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Connect: Dell SonicWALL Mobile Connect• Unified client app supporting SSL VPN connectivity to the E-Class
SRA, SRA and Next-Generation Firewall solutions
• Determine if the device is Jailbroken or rooted (E-Class SRA Only)
• Unified policy controls to limit access from Android or iOS enabled devices
• Easily downloadable from Google play or App Store for iOSiOS
Android
Dell SonicWALL SSL VPN Solution
Web Apps
Client/Server Apps
File Shares
Databases
VoIP
VDI Infrastructure
ApplicationsDirectories
Corporate Perimeter
LDAP
AD
RADIUS
LDAP
Internet
29Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Mobile Connect for iOS / Android
Dell Aventail E-Class SRA Appliances
Dell SonicWALL SRA Appliances
Dell SonicWALL Next-Generation
Firewalls
Step 1: Download
Mobile Connect
Step 2:Install Mobile
Connect
Step 3: Configure SSL VPN
Connection
30Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Management and Reporting
31Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Management and reporting
ScrutinizerFlow Analytics
for
SonicWALL firewalls,3rd party routers, switches,firewalls
AnalyzerReporting & Analytics
for
SonicWALL firewall,CDP, and SRA appliances
GMS 7.0Reporting & Analytics,Policy Management,Monitoring
for
SonicWALL firewall,CDP, SRA, email security appliances
32Solutions Road Show 2014
March’ 2014 | IndiaConfidential
GMS 7.0 & Analyzer – Application traffic analytics
Trouble shooting, forensics, app usage reports for customers
.
34Solutions Road Show 2014
March’ 2014 | IndiaConfidential
3rd Party Validation
35Solutions Road Show 2014
March’ 2014 | IndiaConfidential
The NSS Security Value Map
Summary of 2013 NGFW testing results from www.nsslabs.com
Classification- Recommended- Caution- 2xNeutral
Final Product Rating near the name of the product
Lines signify corrections due to major failures- No line = No Major Failure
36Solutions Road Show 2014
March’ 2014 | IndiaConfidential
UTM Firewall 2012 MagicQuadrant (March 2012)– SonicWALL was positioned
in the Leaders Quadrant for 2012
Fast-Forwarding Firewall Face-Off(April 2012)– Best Overall Performance for NGFW– Best Overall Performance for UTM– Best Overall Performance for SSL Decryption
37Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Q&A
38Solutions Road Show 2014
March’ 2014 | IndiaConfidential
Thank You