Challenges in Network Security 2011 SonicWALL Inc.

Technology Trends - Networking a Key Driver 2  Bandwidth  Performance  Availability  Efficiency  Manageability  Security

Network Security Remains an Issue  Computer malware, still a problem later:  Built in the Laboratory – Creeper (BBN)  In the wild – Elk Cloner (Skrenta)  On the Internet – Morris Worm (Cornell)  2010 – Unyielding Malware and Spam fueled by self propagating BotNets  Physical security analogy – Bank Robberies Why rob banks? “That’s where the money is” CONFIDENTIAL All rights reserved. 3

 Network Attacks have evolved to the Application Level Why do they exist? It’s Human Nature …  Programmers make mistakes  Malware exploits mistakes Software everyone uses daily…

Seemingly Safe Applications Adobe PDF Reader CONFIDENTIAL All Rights Reserved 5 reader-security-hole/7693 Adobe Download Manager download-manager.html

“The Dirty Dozen” Most Vulnerable Applications for 2010 Which do you use? 1. Google Chrome 2. Apple Safari 3. MS Office 4. Adobe Acrobat 5. Mozilla Firefox 6. Sun JDK 7. Adobe Shockwave Player 8. Microsoft Internet Explorer 9. RealNetworks RealPlayer 10. Apple Webkit 11. Adobe Flash Player 12. Apple Quicktime and the Opera Web browser (tied) CONFIDENTIAL All Rights Reserved 6

Malware Lurks in Social Networks CONFIDENTIAL All Rights Reserved 7 Set-up: Create bogus celebrity LinkedIn profiles Lure: Place link to celebrity “videos” in profile Attack: Download of “codec” required to view video Infect: Codec is actually Malware Result: System compromised

SonicWALL Security Center A Typical Day in 2010

Application Chaos “Bad  Control”“Good  Prioritize?” Challenge: Secure Separate good from bad  More applications  Fundamental shifts in infrastructure  Less budget  Less staff  Less control

Traditional Firewalls Obsolete Current Traditional Firewall Threats Legacy System Access IDS/IDP Basic Applications Worms Application Access Application Layer Threats Proxy Software Vulnerabilities Required Complete Inspection must span the communicati on spectrum 10 Copyright 2010 SonicWALL Inc. All Right Reserved. Traditional Firewalls -Ignore Application Level Traffic -Focus on network level threats -Point solutions become complex to manage and are not adequate in scalability and security Threats have evolved, Firewalls must too

Network Security & 10 Gig Security Network Security must evolve due to … 1.Need for Application Control  Including SSL Inspection 2.Need for Full Security with Deep Packet Inspection 3.Faster interconnect (10GbE) Who wants 10+ Gb Security?  Government (ie: DoE, NSx, CIx, etc)  University (ie: 10GE infrastructure)  Business (ie: Cloud / Data Center / Backbone / App Clusters)  Core Internet Players  Cloud providers  Internet Service providers  Mobile Internet Service providers 11

Next Generation Security Architecture 12 SonicWALL Solution Features 1. Consolidated & Integrated Security Technology 2. Application Visibility - Inspection of Real-time & Latency Sensitive Applications/Traffic 3. Scalable & High Performing Enough to Protect Against Perimeter and Internal Network Challenges Multi-Tiered Protection Technology Security Requirements Patented Re-Assembly Free DPI (RFDPI) Multi-Core High Perf. Architecture 12 Copyright 2010 SonicWALL Inc. All Right Reserved.

Application Intelligence & Control on Next Generation Firewall CONFIDENTIAL All Rights Reserved 13 Application Chaos So many on Port 80 Critical Apps Prioritized Bandwidth Acceptable Apps Managed Bandwidth Unacceptable Apps Blocked Identify By Application - Not by Port & Protocol By User/Group -Not by IP By Content Inspection -Not by Filename Categorize By Application By Application Category By Destination By Content By User/Group Users/Groups Ingress Control Prioritize Apps by Policy Manage Apps by Policy Block Apps by Policy Detect and Block Malware Detect & Prevent Intrusion Attempts Policy Visualize & Manage Policy Cloud-Based Extra-Firewall Intelligence Egress Malware Blocked Massively Scalable Next-Generation Security Platform High Performance Multi-Core Re-Assembly Free DPI Visualize

Better Network Intelligence CONFIDENTIAL All Rights Reserved 14

App Traffic Visualization for Fast Analysis CONFIDENTIAL All Rights Reserved 15

User Identification  Single Sign On (AD/LDAP Integration)  Local Login  Identify Top Bandwidth users CONFIDENTIAL All Rights Reserved 16

Powerful Control CONFIDENTIAL All Rights Reserved 17  Bandwidth Manage OR Block  By User or Group, with Exceptions  By Schedule  By App Category  By App Feature  By Single App Available Today since SonicOS 5.0

SonicWALL Scalable DPI/NGFW Lineup $25K $ Mbps Least Expensive NGFW from any Vendor One software code base One architecture Order of Magnitude Scalability NGFW Features TZ200 TZ100 TZ210 NSA 240 NSA 2400 NSA 3500 NSA 4500 NSA E 5500 NSA E6500 NSA E7500 NSA E10000* 25Mbps 18 Fastest NGFW from any Vendor NSA E8500

SuperMassive E10000 Series CONFIDENTIAL All Rights Reserved 19

CONFIDENTIAL All Rights Reserved 20 Next Generation Security Platform Introducing Project “SuperMassive”

Next-Generation Network Security Platform Comprehensive Inspection  Application Intelligence & Control  Powerful IPS, Multi-gig performance  Management/Visualization of traffic  RFDPI Technology  SSL Traffic Inspection  High Availability: A/P, A/A, StateSync, Clustering The Technology  96 processor cores  40+ Gbps Stateful Inspection  30+ Gbps IPS  30+ Application Control  10+ Gbps Threat Prevention  Detects over 1 Million unique threats Detects, Classifies and Controls over 3,500 Unique Applications

Design for Extreme Performance CONFIDENTIAL All Rights Reserved 22 Ultra-Low Latency High Performance 240 Gbps Interconnect Near-Linear Scalability with doubling of processing cores

CONFIDENTIAL All Rights Reserved Cores (A/A Config) 24 Cores 48 Cores 96 Cores SuperMassive E10000 Series

CONFIDENTIAL All Rights Reserved 24 Stateful: 40 Gbps App Control:30 Gbps IPS:30 Gbps Anti-Malware: 10 Gbps VPN:20 Gbps Conn/sec:640k/sec SPI Conn:12,000,000 DPI Conn:10,000,000 Stateful: 40 Gbps App Control:30 Gbps IPS:30 Gbps Anti-Malware: 10 Gbps VPN:20 Gbps Conn/sec:640k/sec SPI Conn:12,000,000 DPI Conn:10,000,000 Stateful: 10 Gbps App Control:7.5 Gbps IPS:7.5 Gbps Anti-Malware: 3 Gbps VPN:5.0 Gbps Conn/sec: 160k/sec SPI Conn:3,000,000 DPI Conn:2,500,000 Stateful: 10 Gbps App Control:7.5 Gbps IPS:7.5 Gbps Anti-Malware: 3 Gbps VPN:5.0 Gbps Conn/sec: 160k/sec SPI Conn:3,000,000 DPI Conn:2,500,000 Stateful: 20 Gbps App Control:15 Gbps IPS:15 Gbps Anti-Malware:6.0 Gbps VPN:10 Gbps Conn/sec:320k/sec SPI Conn:6,000,000 DPI Conn:5,000,000 Stateful: 20 Gbps App Control:15 Gbps IPS:15 Gbps Anti-Malware:6.0 Gbps VPN:10 Gbps Conn/sec:320k/sec SPI Conn:6,000,000 DPI Conn:5,000,000 Stateful: 5+ Gbps App Control:3.0+ Gbps IPS:3.0+ Gbps Anti-Malware:1.5+ Gbps VPN:2.5+ Gbps Conn/sec:80k/sec SPI Conn:1,500,000 DPI Conn:1,250,000 Stateful: 5+ Gbps App Control:3.0+ Gbps IPS:3.0+ Gbps Anti-Malware:1.5+ Gbps VPN:2.5+ Gbps Conn/sec:80k/sec SPI Conn:1,500,000 DPI Conn:1,250,000 SuperMassive E10000 Series 6x10 GbE SFP+ 16x10 GbE SFP 6x10 GbE SFP+ 16x10 GbE SFP 6x10 GbE SFP+ 16x10 GbE SFP 6x10 GbE SFP+ 16x10 GbE SFP 24 Cores (A/A Config) 24 Cores 48 Cores 96 Cores

SonicGRID: Security Protection at Scale  1,000,000+ Individual Threats  25,000 Threat Family Signatures  Application Signatures 25 World Renowned Expertise Active industry research contributor Delivers continuous security subscription IP and content 100% IP ownership of all signatures

SonicWALL: Dynamic Security for the Global Network  Next Generation Firewall and 10/40 Gigabits of full security protection  Global, Distributed, Mobile and Cloud  Real-time Awareness and Visibility  Communication of Shared Threats and Shared Defenses  Proactive Risk Management and Compliance  Best Economics 26

Q&A CONFIDENTIAL All Rights Reserved 27