SonicWall & GDPR Alexis Holmes, Channel SE UK & I


1 SonicWall & GDPR Alexis Holmes, Channel SE UK & I

2 What does this mean for You?

3 During 2017 - 2018… UK based SMB consumers WILL be attacked!
This attack is likely to be in the form of ransomware.
It will enter your network either via an email or encrypted traffic.
Initial demands average 1 bitcoin.
The ramifications of this with GDPR are huge…

4 The SonicWall solution: REAL-TIME BREACH PREVENTION
The challenge: Advanced Threats (Ransomware, Zero-Day, Malvertising, Encrypted Malware, DDoS, Phishing)
The need: Real-Time Breach Prevention (Any Vehicle: Email, Browser, Apps, Files; Any Traffic: Encrypted, Unencrypted; Any Network: Wired, Wireless, Mobile, Cloud; Any Device: PC, Tablet, Phone, IoT)
Key enablers: Critical Components (Inspect all SSL/encrypted traffic; Multi-engine cloud sandbox; Block unknown files until a verdict is reached in near real-time)
The solution: The SonicWall Platform Value (Next-generation firewall; Capture: Triple-engine cloud sandbox for both network and email; High performance SSL inspection; Wireless/mobile access security; Email security)

Network security is undergoing a fundamental sea change. The explosion of new advanced threats and new threat vectors is rendering legacy network solutions obsolete. Ransomware, zero-day threats, malvertising, encrypted threats, IoT-based DDoS attacks and phishing are exposing organizations of all sizes to breaches whose costs threaten more than just business disruption: they threaten business viability.

This sea change is creating a need for a new breed of network security solutions that deliver more than just siloed threat detection. The new need in network security is end-to-end, real-time, automated breach prevention that is capable of handling the explosion of advanced threats and breaches across any delivery vehicle, any package type, any network and any device.

With the growth of encrypted malware and the speed at which malware is capable of infecting and compromising an organization’s infrastructure, there are 3 critical components of any solution: 1) high speed SSL inspection, 2) multi-engine, cloud-based sandboxing and 3) the ability to block a potential threat until a verdict is reached on its threat profile.

Only SonicWall can uniquely deliver an end-to-end Automated Real-time Breach Prevention Solution that can manage threats across any delivery vehicle, any package type, any network and any device. SonicWall’s next-generation firewalls, high performance SSL inspection, Capture multi-engine cloud sandbox service, SonicPoint wireless security, email security with encryption and anti-phishing protection, and SSL secure mobile access are all built upon a block-until-verdict foundation that delivers true automated, real-time breach prevention to help organizations prevent today’s advanced threats.

5 Sonicwall & GDPR

6 SonicWALL & GDPR
Data Loss Protection: DPI SSL, Application Control, Compliance, Secure connectivity
Day Zero Threats: Capture
Management & Reporting: Global Management System & Analyzer, Analytics

7 Data Loss Protection

8 Why SSL/TLS Decryption is Important
[Chart: 62% Encrypted, 38% Unencrypted]
Without SSL/TLS decryption the advertised malware capture rate of any device is effectively cut in half.

You have all of these changes around you, and you’re growing so fast and moving so fast that accidents are bound to happen. Take a look at this 2014 Forrester Research where they posed this question to decision makers and influencers: How confident are you that you can meet business expectations for recovery of your most critical systems with your current strategies and technologies? Only 28% were confident with their current strategy, leaving 72% worrying that they can’t meet expectations.

9 SonicWall DPI-SSL Eliminates Blind Spots in SSL Traffic
HTTPS, SMTPS, NNTPS, LDAPS, FTPS, TelnetS, IMAPS, IRCS, and POPS, regardless of the port
How much of your network traffic is HTTPS?
Organizations not inspecting SSL traffic are blind to as much as 2/3 of the traffic on the network.

This slide shows that internet traffic can enter and leave the network encrypted. The traffic cannot be inspected in its encrypted state by legacy security systems. You wouldn’t have the ability to understand what is inside that traffic. You wouldn’t know that credit cards were being stolen or financial or health records were being exfiltrated to an external system. If you’re not currently inspecting HTTPS traffic, then you are effectively blind to nearly 2/3 of the internet traffic. Any attacks utilizing SSL/TLS will have a 100 percent success rate in compromising your network. So it is crucial that you have a capable SSL inspection engine that can effectively decrypt and inspect all traffic coming from or going to clients for threats. In fact, with the movement towards an all-encrypted internet, I would say it’s mandatory for all organizations.

10 DPI-SSL inspection Traditional SSL connections

11 DPI-SSL inspection DPI SSL traffic connections

12 Application Control
Take control…
Block unwanted applications
Throttle acceptable applications
Prioritise critical applications
Real-time monitoring

13 Application Intelligence & Control
Application Chaos: Many on Port 80
Identify, Categorize, Users/Groups Policy
Critical Apps: Prioritized Bandwidth
Acceptable Apps: Managed Bandwidth
Unacceptable Apps: Blocked
Malware Blocked
Reassembly-Free Deep Packet Inspection
Cloud-based Extra-Firewall Intelligence
Visualize & Manage Policy

As traffic enters the network, individual applications are first identified by the firewall. Malicious traffic such as malware is blocked, and from there applications are categorized by the firewall based upon the specific policies that were created. The remaining application traffic is prioritized and controlled by the firewall based upon the configured policies.

14 Real-time Visualisation & Control
See traffic in real-time… and react

15 SonicWall Email Security - Flexible deployment options
Configurations To Accommodate Varied Environments: Hosted, On-Premise, Comprehensive Anti-Spam Service (CASS)

Comprehensive Anti-Spam Service (CASS) is an add-on service for SonicWall TZ, NSA and E-Class NSA security appliances. CASS eliminates inbound junk at the gateway, before it enters the network. This solution is good for smaller orgs and enterprises that receive email at multiple locations and need gateway-based inbound protection for fewer than 250 users.

On-prem HW appliance/VM/Software: HW appliances are a good fit for orgs from 25 users on up that want complete inbound and outbound protection on a single system from one vendor. The appliance comes with a hardened Linux-based OS and the security application installed.

SW is for orgs of 25 or more users and is designed to be installed on a Windows Server-based system. This allows for control of the platform as well as the security application. This solution is a good choice for orgs that want complete inbound and outbound protection on one system, but also require the flexibility to change, update, or add on to the Windows-based system.

VA is ideal for SMBs, enterprises or MSPs wishing to leverage shared computing resources to optimize utilization, ease migration and reduce capital costs.

16 SonicWALL Email Security Solutions
Superior protection for small, medium, enterprise and MSP businesses
Multi-layer anti-spam, anti-virus protection
Compliance management
Multi-tenant
Flexible deployment options
Scalable, redundant
Enterprise deployment ready

To meet the needs of small, medium, enterprise and managed service provider (MSP) businesses, SonicWALL Email Security solutions deliver superior protection featuring:
Multiple scanning techniques that deliver superior protection from threats such as spam, malware, zombie and phishing attacks.
Compliance scanning and management to protect from confidential data leaks and compliance violations.
Automated management and reporting that saves administrator time.
A choice of deployment platforms to best meet business infrastructure requirements.
The ability to easily scale and configure security systems for growth and redundancy, allowing businesses to extend their infrastructure as required without large upfront costs.
And lastly, features to enable Managed Service Providers to provision and manage security services for multiple customers.

17 Integrated Email Encryption
Employee, Email Server, SonicWALL Email Security, Customer, SonicWALL Email Encryption
Compliance: Minimize exposure to regulatory violations, litigation and penalties.
Trustworthy communication with your customers and partners: With robust encryption and easily-tracked delivery paths, you can send sensitive information with confidence.
Cost Containment: Cut costs of faxes, printing, postage, and courier services.
Better Control: Messages are monitored, tracked and reported on every step of the way.
Simplicity: Have all your users securely exchanging information within hours.

SonicWALL Email Security solutions are designed to easily scale for growth or to add redundancy, allowing businesses to expand their infrastructure as required without large upfront costs. With SonicWALL Email Security solutions, one or multiple security systems may be deployed at a single location or multiple locations and be centrally managed to best meet business requirements.

When a single security system is deployed, security scanning and management take place on a single system. To expand security capacity or enable redundancy, additional security systems may be deployed. In this case one system is configured as an Email Security Control Center system, and additional systems are configured as Email Security Remote Analyzer systems. The remote analyzer systems scan emails, route good emails to email servers and route junk emails and logs to the Control Center system to be stored. The control center centrally manages all remote analyzers, and collects and stores junk email received from the remote analyzers. Centralized management includes reporting and monitoring of all related systems.

Systems may be mixed and matched. For example, if 3 systems are deployed, they may all be hardware appliances, or you may choose to deploy one hardware appliance, one virtual appliance and one Windows Server software-based system. In either case, all systems may be managed from a single, central interface and any system may be configured as a control center system or a remote analyzer. As additional systems are added, the security subscription is shared, so no additional subscription cost is incurred. SonicWALL’s scalable architecture makes it easy and cost effective to scale security, support distributed environments or implement a high-availability solution.

18 Introducing E-Class Secure Mobile Access
The Dell SonicWALL Aventail Family of E-Class Secure Remote Access Appliances
SonicWall SMA 6200, SonicWall SMA 7200, SonicWall SMA EX9000, SonicWall SMA 8200v Virtual Appliance

The Dell SonicWALL Aventail E-Class SRA solutions family consists of three hardware-based appliances and one virtual appliance. Further along in the presentation we will cover specific details of the individual products.

19 Detect, Protect, Connect
Best of Breed Secure Mobile Access that ensures the appropriate level of access for any remote access use case
Detect, Protect (SonicWall SMA solution), Connect
Remote Access: Day Extender, Traveling Employee, Employee Using a Wireless Hotspot, Employee at a Kiosk, Employee Smartphone / Tablet
Extranet Access: Business Partner from any Browser, Customer/Supplier Behind a Firewall
Internal Access: Internal Users
Corporate Data Center: Applications (Web Apps, Client/Server Apps, File Shares, Databases, VoIP, VDI Solutions), Directories (LDAP, AD, RADIUS)

The Dell SonicWALL Aventail approach to granular remote access control is to provide access to individual applications based on the concept of Detect, Protect and Connect. Detect the security and identity of the device used for access. Protect individual applications by establishing access based on the trust established for both the user and the end point device. And then Connect users to authorized applications from a broad range of devices, running different operating systems and browsers.

20 End Point Control
SonicWall End Point Control interrogates managed and non-IT-managed devices prior to connecting to identify the device and determine the overall trust level
WorkPlace Access (Clientless Web Access), Connect Access (Client-Installed Access)
EPC Device Interrogation
Interrogate by Device Profile: IT Managed, Non-Managed; Windows, Windows Mobile, Macintosh, Linux, iOS/Android
For Device Identity: Mapped Directory, Windows Domain Membership, Device Watermark/Certificate, Any Resident File, Windows, Mac, Linux Device ID, Mobile Device ID
And Device Integrity: Anti-Virus, Registry Key, Windows OS Level, Personal Firewall, Anti-Spyware
With Data Security: Cache Control, Secure Virtual Desktop
Traditional Client/Server Applications, File Shares, VoIP Applications, Corporate Network

Dell SonicWALL End Point Control detects the identity and security state of the end device. It works by interrogating Windows, Macintosh, Linux, iOS, Android and Windows Mobile devices prior to connecting, and it does so on a regular schedule after the connection is established. Device interrogation is done to determine device identity and device integrity. This is measured by comparing what is found on the endpoint device against what administrators have set as requirements. For example, is the device running anti-virus, anti-spyware or personal firewall software? The results of the interrogation can be used to make policy decisions as well as to determine whether cache cleaning or secure virtual desktop should be enabled.

21 Mobile Connect for iOS & Android
SonicWall Aventail E-Class SMA Appliances, SonicWall SMA Appliances, SonicWall Next-Generation Firewalls
Step 1: Download Mobile Connect; Step 2: Install Mobile Connect; Step 3: Configure SSL VPN Connection

Step 1: Download Mobile Connect from the App Store.
Step 2: Install Mobile Connect on any device running iOS 4.2 or higher.
Step 3: Create an SSL VPN policy to existing Dell SonicWALL Aventail E-Class SRA, SRA or Next-Generation Firewall.
Note: The configuration will change depending on what type of device is detected during the initial server configuration.

22 Day Zero Threats

23 How Day Zero attacks work
[Diagram labels: Spam + malicious file or link; Malicious or compromised site + exploit kit or malware; filter; Exploit Kit; Exploitation / Infection; Infection/file encryption; File encryption; Propagation; Encrypt / Decrypt]

Crypto-ransomware is a family of malware (cryptowall, teslacrypt, locky, etc.) that takes files on a PC or network storage, encrypts them, and then extorts money to unlock the files.
User clicks on infected file, website, etc.
Executable runs with the same permissions as the logged-on user. NOTE the “Propagation” loop in yellow: this is how exploited end point systems spread ransomware internally.
Searches extensively for files to encrypt locally as well as on any drive letter or network share that it can locate and access (open shares).
Even payment does not guarantee success.


25 Stopping Ransomware in Web & Device Traffic
Content filtering SSL decryption (man in the middle) FW and SMA inspection CGSS Sandbox Client AV

26 Stopping Ransomware in Email
FW inspects for… EMS inspects for… DMARC Signatures applied Policies checked Sandbox inspection

27 Multiple engines are essential
Multi-engine advanced threat analysis detects more threats, can’t be evaded: Virtualized sandbox, Full system emulation, Hypervisor level analysis
Broad file type and OS environment analysis: PE, MS Office, PDF, archives, JAR, APK; Windows, Android and Mac OS (H1.17)
Automated and manual file submission
Increase security effectiveness against zero-day threats

With SonicWALL Capture, suspicious code is executed in a multi-engine sandbox platform, which includes virtualized sandboxing, full system emulation, and hypervisor-level analysis technology. Behavior is analyzed, providing comprehensive visibility to malicious activity while resisting evasion tactics and maximizing zero-day threat detection. The service supports analysis of a broad range of file types, including executable programs, PDFs, MS Office documents, archives, JAR, and APK, plus analysis in multiple operating system environments including Windows, Android, and Mac OSX. In addition, administrators can manually submit files to the cloud service for analysis.

28 How the Multiple Layers of Capture Work

29 Understanding Layers of security with Capture
[Diagram labels: Internet; End User; Download requests; Malicious file; SonicWall Firewall (SSL Decryption, Gateway AV, Cloud AV, Intrusion Prevention, CaptureATP); SonicWall Capture cloud service (Capture database, Capture file pre-process, Capture multi-engine sandbox); SonicWall GRID Data Center & Threat Research Team; Signature updates; MySonicWall portal; File Verdict; Admin: Manage Capture settings, Access file analysis reports, history, Instant malicious file notification]

SonicWall Firewall
File scanned by Gateway AV, Cloud AV, IPS services for known malware
File mirrored to CaptureATP service for analysis
File hash, URI and verdict cached on firewall
Malicious file blocked if block till verdict enabled (HTTP/S only)

SonicWall Capture cloud service
Capture database checked for existing verdict
Capture file pre-process checks AV aggregator, vendor/domain trust, file authenticode, presence of embedded code
Capture sandbox platform executes file in up to 3 sandbox engines (SonicSandbox, Lastline, VMray)
Verdict and behavior analysis result stored in Capture database, clean file deleted immediately
Malicious file sent to SonicWall threat team for further analysis, threat intel harvest. File deleted within 30 days

MySonicWall portal
Capture malicious file notification/ Capture subscription and notification management
Capture status and report access

SonicWall GRID Data Center & Threat Research Team
Malicious file analysis, threat intel harvest
Gateway AV, IPS, Cloud AV signature updates created and submitted to Grid Network databases
Malicious file deleted after analysis/signature
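The firewall and cloud-service steps listed for slide 29, as an added example: a conceptual Python model written for this transcript, not SonicWall code or any SonicWall API. The class names, the toy "engines" and the sample byte strings are constructed assumptions; the model shows why the block-till-verdict setting matters for the first download of an unknown file.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, List, NamedTuple, Set

CLEAN, MALICIOUS, PENDING = "clean", "malicious", "pending"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class Decision(NamedTuple):
    delivered: bool   # did the file reach the end user?
    verdict: str      # verdict known at the moment of the decision
    source: str       # stage that decided: cache, signature or sandbox

@dataclass
class CloudSandbox:
    """Stands in for the cloud service: verdict database plus several engines."""
    engines: List[Callable[[bytes], bool]]   # True = malicious behaviour seen
    database: Dict[str, str] = field(default_factory=dict)
    detonations: int = 0

    def analyze(self, data: bytes) -> str:
        digest = sha256(data)
        if digest not in self.database:      # an existing verdict is reused
            self.detonations += 1
            hit = any(engine(data) for engine in self.engines)
            self.database[digest] = MALICIOUS if hit else CLEAN
        return self.database[digest]

@dataclass
class Gateway:
    sandbox: CloudSandbox
    known_bad: Set[str]                      # hashes standing in for AV signatures
    block_until_verdict: bool = True
    cache: Dict[str, str] = field(default_factory=dict)

    def handle_download(self, data: bytes) -> Decision:
        digest = sha256(data)
        if digest in self.cache:             # verdict already cached on the firewall
            verdict = self.cache[digest]
            return Decision(verdict == CLEAN, verdict, "cache")
        if digest in self.known_bad:         # known malware never needs the sandbox
            self.cache[digest] = MALICIOUS
            return Decision(False, MALICIOUS, "signature")
        if self.block_until_verdict:         # hold the file until analysis completes
            verdict = self.cache[digest] = self.sandbox.analyze(data)
            return Decision(verdict == CLEAN, verdict, "sandbox")
        # Monitor-only mode: the file is released first, the verdict arrives later.
        self.cache[digest] = self.sandbox.analyze(data)
        return Decision(True, PENDING, "sandbox")

# Constructed toy engines and samples; real engines observe run-time behaviour.
ENGINES = [lambda d: b"TOY-MASS-ENCRYPT" in d, lambda d: b"TOY-SHADOW-COPY-WIPE" in d]
UNKNOWN_BAD = b"invoice.docm TOY-MASS-ENCRYPT"
BENIGN = b"quarterly-report.pdf"

if __name__ == "__main__":
    for mode in (True, False):
        gw = Gateway(CloudSandbox(list(ENGINES)), set(), block_until_verdict=mode)
        print(mode, gw.handle_download(UNKNOWN_BAD), gw.handle_download(UNKNOWN_BAD))
```

With blocking disabled, the first request for the unknown sample is delivered with a pending verdict and only repeat requests are stopped from the cache; with blocking enabled, the first request is already refused.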

30 Management & Reporting

31 Secure all networks with centralized management console
SonicWall Advantage: The unified security management platform
Global Management System (GMS) manages firewalls
Firewalls control: Wireless Access Points, Switches, Enforced Endpoints, WAN Acceleration
GMS Single Management Console, Lower Operating Costs, Converged Infrastructure, Port Expansion Scalability
SonicWall NGFW, SonicWall SonicPoint, SonicWall WAN Acceleration, Dell X-Series Switch with PoE

SonicWall’s solution to the multiple management console madness seen with a typical SMB/distributed retail location includes:
GMS managing the firewall
Firewall manages the X-Series switches, SonicPoints and WAN Acceleration devices
The setup is replicated across multiple locations which are all managed through GMS

SonicWall Advantage: Centralized management console simplifies management through single pane of glass management and helps make troubleshooting easier, as the firewall manages all the other devices involved in the infrastructure.
Lowers Opex: Unlike other pure play solutions where you may need to buy separate licenses for managing switches, access points, and firewalls, you can lower your licensing costs through the purchase of a single GMS license to manage the TZs. No additional licenses are required to manage the switches, SonicPoints and WXA appliances, lowering operating costs.
Converged Infrastructure: Single vendor solution offers better purchasing power for the buyer and ensures product continuity. Provides a single point of contact for support, ensuring issues are resolved faster than with a multiple vendor solution that requires multiple hoops to get through to resolve issues.
Scalability: With a broad portfolio of products to choose from for X-Series, your network can now scale with your business growth, unlike the high port density firewall solutions.

32 GMS Flow Analyzer
High-performance, low-storage visualization and reporting engine
Easy-to-use, intuitive “top” events dashboards
Real-time mouse-overs and drill-downs for analytics
One-click data pivoting for correlation of data
Historical statistics and packet capture for forensic analysis

Speaker’s cues: In the Fall release of GMS and Analyzer, we will introduce a powerful new reporting engine. The user interface has rich visualizations that enable users to see firewall usage at a glance. Extensive live links and mouse-overs enable admins to conduct analytical filtering and sorting with a single click. And captured sessions and packets enable forensic analysis of any past firewall event. All of this comes in a streamlined reporting engine that is economical on storage space and high performance in report generation.

33 Conclusion

34 Where does this leave us with GDPR?
May 2018
What SonicWall Achieves
Data integrity: Firewall, Secure Mobile Access, Email Security
Reporting and auditing: GMS, Analyzer & Flow analytics

35 SonicWall Network Security Product Portfolio
Provide deep security without compromising network performance
Scan every byte of network traffic, including SSL encrypted
Policy enforced mobile access
URL, spam and phishing protection

Firewalls: Advanced IPS/Malware protection with anti-evasion technology; Context aware application control; Reassembly-free network based malware protection
SSL VPN / (SMA): Per app SSL VPN access to mission critical apps and data; Cross platform support for iOS, Android, Mac OSX, Kindle Fire, Windows and Linux; Advanced endpoint control with client interrogation; Global TO + License Pool
Email Security: Advanced anti-malware keeps email free of threats; Broadest platform support including hardware, software and cloud based options; Easy-to-use cloud-based administration

In addition to our next-gen firewall products, we also offer email security and secure access products.

36 Where does this leave us with GDPR?
May 2018
What you will still need
Network Access Control
User control and education
Data Encryption (at rest)
Secured Wireless
01-SSC-3311

37 Thank You

