Presentation is loading. Please wait.

Presentation is loading. Please wait.

Why It’s Time to Upgrade to a Next-Generation Firewall Eric Crutchlow Senior Product Manager.

Similar presentations


Presentation on theme: "Why It’s Time to Upgrade to a Next-Generation Firewall Eric Crutchlow Senior Product Manager."— Presentation transcript:

1 Why It’s Time to Upgrade to a Next-Generation Firewall Eric Crutchlow Senior Product Manager

2 Why It’s Time to Upgrade to a Next-Generation Firewall Eric Crutchlow Senior Product Manager, Network Security

3 Global Marketing Can your firewall tell you …

4 Global Marketing “Something came in over port 80. Do you know what it is?”“Something came in over port 80. Do you know what it is?” “What is your social media presence/exposure?”“What is your social media presence/exposure?” Can your firewall tell you …

5 Global Marketing “Something came in over port 80. Do you know what it is?”“Something came in over port 80. Do you know what it is?” “What is your social media presence/exposure?”“What is your social media presence/exposure?” “What are you allowing outbound from your network?“What are you allowing outbound from your network? Can your firewall tell you …

6 Global Marketing “Something came in over port 80. Do you know what it is?”“Something came in over port 80. Do you know what it is?” “What is your social media presence/exposure?”“What is your social media presence/exposure?” “What are you allowing outbound from your network?“What are you allowing outbound from your network? … over SSL?… over SSL? Can your firewall tell you …

7 Global Marketing “Something came in over port 80. Do you know what it is?”“Something came in over port 80. Do you know what it is?” “What is your social media presence/exposure?”“What is your social media presence/exposure?” “What are you allowing outbound from your network?“What are you allowing outbound from your network? … over SSL?… over SSL? “What portion of your bandwidth is consumed by video?”“What portion of your bandwidth is consumed by video?” Can your firewall tell you … “Is anyone playing social or other browser games?“Is anyone playing social or other browser games?

8 Global Marketing “Something came in over port 80. Do you know what it is?”“Something came in over port 80. Do you know what it is?” “What is your social media presence/exposure?”“What is your social media presence/exposure?” “What are you allowing outbound from your network?“What are you allowing outbound from your network? … over SSL?… over SSL? “What portion of your bandwidth is consumed by video?”“What portion of your bandwidth is consumed by video?” “Is there P2P traffic on your network?”“Is there P2P traffic on your network?” Can your firewall tell you … “Is anyone playing social or other browser games?“Is anyone playing social or other browser games?

9 Global Marketing What Are Your Employees Doing? Blogging Facebook Twitter IM Streaming Video Streaming Music Browser Games 25% of office Internet traffic is non-business related 50% of surveyed companies said at least 30% of their bandwidth is being consumed by social networking traffic

10 Global Marketing “Bad?” “Good?” Application Chaos So many on Port 80 What’s On Your Network? Application Chaos Port 80/443 SSL Traffic

11 Global Marketing SECURITY: Malware Continues to Thrive Financial Gain Zeus Botnet Verizon Business RISK report 2011 “Beyond financial” Goals Duqu, Aurora, Stuxnet

12 Global Marketing Small Networks, Large Targets

13 Global Marketing Small Malware, Large Networks Lockheed Martin/RSA Breach 2011 Recruitment Plan 2011.xls APT = Advanced Persistent Threat

14 Global Marketing Small Malware, Large Networks Lockheed Martin/RSA Breach APT = Advanced Persistent Threat Spear Phishing Exploits FlashDrops in an APT Exfiltrates RSA Token data Lockheed Martin Breach Recruitment Plan 2011.xls

15 Global Marketing Can Your Firewall See the Threats? reader-security-hole/7693 Attack Vectors Through Seemingly Safe Applications

16 Global Marketing Can Your Firewall See the Threats? reader-security-hole/7693 download-manager.html Attack Vectors Through Seemingly Safe Applications

17 Global Marketing Why Do These Problems Persist? Spear-Phishing Phishing Flash 0-Day Vulnerability Vulnerability PDF Vulnerability Threats over uncommon ports User Education Hijacked Ad Servers BrowserVulnerability Hidden traffic in SSL Excel Exploit

18 Global Marketing Why Do These Problems Persist? Spear-Phishing Phishing Flash 0-Day Vulnerability Vulnerability PDF Vulnerability Threats over uncommon ports User Education Hijacked Ad Servers BrowserVulnerability Hidden traffic in SSL Excel Exploit

19 Global Marketing INTRUSION PREVENTION SSL DECRYPTION SCAN ALL TRAFFIC SECURITY

20 Global Marketing 20 SECURITY FINGERPRINT APPLICATIONS IDENTIFY USERS VISUALIZE TRAFFIC APPLICATION AWARENESS SonicWALL 2011 All Rights Reserved

21 Global Marketing 21 SECURITYAPPLICATION AWARENESS HIGH THROUGHPUT NO LATENCY ANY SIZE NETWORK PERFORMANCE SonicWALL 2011 All Rights Reserved

22 Global Marketing What is a Next-Generation Firewall Stateful Inspection Intrusion Prevention Application Control SSL Decryption/Inspection NGFW FEATURES

23 Global Marketing What is a Next-Generation Firewall Stateful Inspection Intrusion Prevention Application Control SSL Decryption/Inspection “By year-end 2014 [Next Generation Firewalls] will rise to 35% of the installed base, with 60% of new purchases being NGFWs.” - Gartner NGFW Research Note NGFW FEATURES

24 Global Marketing Application Traffic Visualization

25 Global Marketing Network Analysis Tools Do I have P2P on my Network?

26 Global Marketing Network Analysis Tools Do I have P2P on my Network? YES

27 Global Marketing Immediate Application Control Do I have P2P on my Network? YES

28 Global Marketing Network Analysis Tools “Who’s watching YouTube?”

29 Global Marketing Network Analysis Tools “Who’s watching YouTube?”

30 Global Marketing User Identification Single Sign On (AD/LDAP Integration) Local Login Identify Top Bandwidth users

31 Global Marketing Identify Top Bandwidth Users

32 Global Marketing Connection Tracking by Country

33 Global Marketing Trace & Identify Network Connections

34 Global Marketing Control Your Network, Users & Traffic

35 Global Marketing Control Your Network, Users & Traffic

36 Global Marketing Control Your Network, Users & Traffic

37 Global Marketing Control Your Network, Users & Traffic

38 Global Marketing Control Your Network, Users & Traffic

39 Global Marketing Off-box application traffic analytics Off-box reporting Historic advanced reporting Trouble shooting, forensics Schedule customer reports Across multiple devices On-box reporting Quick sample “right now” Application control For a single device

40 Global Marketing Architecture Makes a Difference Stateful Inspection Engine Decompression IPS Module AV Module Traditional Firewalls with Modules NGFW Integrated Engine buffering

41 Global Marketing The “RFDPI” Engine Preprocessors Postprocessors TCP Reassembly Policy Decision API Deep Packet Inspection Engine Pattern Definition Language Interpreter Signature Input Packet Output Packet Massively Scalable Multi-Core Architecture

42 Global Marketing Branch NGFW: NSA 220 & 250M Multi-core Branch Office Next Generation Firewall SECURITY & APPLICATION CONTROL NSA 220/W NSA 250M/W

43 Global Marketing Branch NGFW: NSA 220 & 250M NSA 220 Series NSA 250M Series  Equipment Consolidation  Hardware Failover  ISP Failover  Load Balancing  Centralized Management  Secure Remote Access  Clean n Wireless

44 Global Marketing World’s First 10Gbps Threat Prevention Platform First 30 Gbps Application Intelligence Platform SuperMassive E10000 Series

45 Global Marketing SonicWALL Next-Generation Firewalls SuperMassive™ E10000 Series E-Class NSA Series NSA Series TZ Series E10100E10200E10400E10800 NSA E8500NSA E7500NSA E6500NSA E5500 NSA 4500 NSA 3500NSA 2400MX NSA 2400 NSA 220/250M TZ 210 Series NSA E8510 Data centers, ISPs Medium to large organizations Branch offices and medium sized organizations Small and remote offices

46 Global Marketing SonicGRID: Security Protection at Scale 6,000,000+ CloudAV Threat Sgtrs. 25,000 Onboard Threat Family Sgtrs Application Signatures World Renowned Expertise Active industry research contributor 100% IP ownership of all signatures

47 Global Marketing SonicWALL WAN Acceleration WXA 5000 WXA 2000 WXA 4000 WXA 500 Live CD

48 Global Marketing SonicWALL Clean Wireless SonicPoint-Ni SonicPoint-Ne SonicPoint-N Dual Radio

49 Global Marketing Next Generation Firewall SECURITY APPLICATION AWARENESSPERFORMANCE

50 Global Marketing Take a Step Towards an NGFW Secure Upgrade Program Contact nearest Dell SonicWALL Reseller Secure Upgrade Program Contact nearest Dell SonicWALL Reseller

51 Global Marketing The Net Sec Challenge – Enterprise

52 Global Marketing The Net Sec Challenge – Enterprise

53 Global Marketing The Net Sec Challenge – Enterprise

54 Global Marketing The Net Sec Challenge – Enterprise

55 Global Marketing The Net Sec Challenge – Enterprise

56 Global Marketing The Net Sec Challenge – Enterprise

57 Q&A 57


Download ppt "Why It’s Time to Upgrade to a Next-Generation Firewall Eric Crutchlow Senior Product Manager."

Similar presentations


Ads by Google