Application Intelligence, Control and Visualization

Patrick Sweeney, VP Product Management / Corp
David Lee, VP Marketing Communications
Nov 2010
Andy Barrow
SonicWALL Product Manager
Westcon Security
Tel : +44 1753 797944
Technology Trends
Impacts to Productivity & ROI
• Bandwidth
• Performance
• Availability
• Efficiency
• Manageability
• Security
Security is an Ongoing Challenge
Ripped from the Headlines
Computer malware, still a problem nearly 40 years later:
• 1971 - Built in the Laboratory – Creeper (BBN)
• 1981 - In the wild – Elk Cloner (Skrenta)
• 1988 - On the Internet – Morris Worm (Cornell)
It’s Human Nature…
Physical security analogy: The first US bank robbery took place Sep 1, 1798, and more than 500 bank robberies occurred in the US in 2009 – the bank security business is today measured in the tens of billions of dollars
2010 – Unyielding Malware and Spam fueled by BotNets
CONFIDENTIAL All Rights Reserved
Security is an Ongoing Challenge
Ripped from the Headlines
http://www.guardian.co.uk/technology/2010/jan/14/google-hacking-china-cyberwar
July 21, 2015
Not the First to Lose Vital Data
Chinese hackers attack MI5
“Just over two years ago the head of MI5, Jonathan Evans,
wrote to about 300 British firms warning them to be wary of
Chinese hackers trying to monitor their systems or break into
them remotely via the internet:
Rolls-Royce intruded
Rolls-Royce, the jet engine maker, and Royal Dutch Shell had
both fallen victim to computer intrusions. It was only part of an
ongoing strategy of "information warfare" that China's
government – through its People's Liberation Army (PLA) – is
carrying out across the world.”
The Problem…
Vulnerabilities are in the software everyone uses every day…
Problem
• Programmers make mistakes
• Malware exploits mistakes
Solution
• SonicWALL Security Center provides up-to-the-minute information about viruses, vulnerabilities, and spyware
Result: Relentless, Unyielding Malware
A Typical Day in 2010
SonicWALL Security Center www.sonicwall.com/securitycenter.asp
Malware Lurks in Social Networks
Set-up: Create bogus celebrity LinkedIn profiles
Lure: Place link to celebrity “videos” in profile
Attack: Download of “codec” required to view video
Infect: Codec is actually Malware
Result: System compromised
What Are Your Employees Doing?
• Blogging
• Facebook
• Twitter
• IM
• Streaming video
• Streaming audio
• Downloading files
• Playing games
• Personal Webmail
25% of office Internet traffic is non-business related (Burst Media Survey, 2008)
50% of surveyed companies said at least 30% of their bandwidth is being consumed by social networking traffic (Forrester, Feb 2009)
Copyright 2010 SonicWALL Inc. All Rights Reserved.
Application Chaos
IT Controls Challenged
Who chooses what Applications are good or bad for you?
Acceptable Apps
Unacceptable Apps
The Problems Today:
Security and Productivity
What are the THREATS?
What APPLICATIONS are really on my network?
Where is ALL my BANDWIDTH going?
Where is this TRAFFIC coming from?
Overcoming Application Chaos…
The market demands a new control paradigm based on scanning everything,
and understanding traffic for all applications and users
SonicWALL Next-Generation Firewall

Identify
• By Application, Not by Port & Protocol
• By User/Group, Not by IP
• By Content Inspection, Not by Filename

Categorize
• By Application
• By Application Category
• By Destination
• By Content
• By User/Group

Control
• Prioritize Apps by Policy
• Manage Apps by Policy
• Block Apps by Policy
• Detect and Block Malware
• Detect & Prevent Intrusion Attempts

Application Chaos
Many on Port 80
Massively Scalable Next-Generation Security Platform
High Performance Multi-Core Re-Assembly Free DPI
SonicWALL Next-Generation Firewall

Identify
• By Application, Not by Port & Protocol
• By User/Group, Not by IP
• By Content Inspection, Not by Filename

Categorize
• By Application
• By Application Category
• By Destination
• By Content
• By User/Group

Control
• Prioritize Apps by Policy
• Manage Apps by Policy
• Block Apps by Policy
• Detect and Block Malware
• Detect & Prevent Intrusion Attempts

Application Chaos
Many on Port 80
Users/Groups
Policy
• Critical Apps: Prioritized Bandwidth
• Acceptable Apps: Managed Bandwidth
• Unacceptable Apps: Blocked
Malware Blocked
Massively Scalable Next-Generation Security Platform
High Performance Multi-Core Re-Assembly Free DPI
Cloud-based Extra Firewall Intelligence
Visualize & Manage Policy
App Flow Monitor: Real Time Analysis of Exactly What is Happening
Visualize in Multiple Ways for Analysis
Dig Deeper To Determine Action
Application Identification
Network Analysis Tools
“Who’s watching YouTube?”
User Identification
• Single Sign On (AD/LDAP Integration)
• Local Login
• Identify Top Bandwidth users
Identify the Bandwidth Hogs
Or View Bandwidth Hogs in Detail
Connection Tracking by Country
Track Suspicious Traffic
Dig Deeper into Suspicious Traffic
Capture Packets for Further Analysis
Combine filters for Powerful Network Intelligence
Cross-Filter for a deeper dive into real-time traffic
CONTROL the Application Traffic
Available Today since SonicOS 5.0
CONTROL: Powerful Policy Creation
Content Filtering Enhancements
1. Bandwidth management policies based on CFS categories
2. More granular, flexible and powerful Content Filter Policy control
3. Allow/Forbid lists per CFS policy
4. Allow users/groups, address objects and zones to be assigned to CFS policies
5. Multiple CFS policies for the same group/user
6. Significantly improve HTTPS Content Filtering
7. Add new CFS categories
NetFlow/IPFIX with Extensions Reporting

NetFlow/IPFIX with Extensions
1. Rating
2. Location
3. Applications
4. Intrusions
5. Viruses
6. Spyware
7. Services
8. Flow Table
9. Location
10. Users
11. URLs
12. Log
13. Interface Statistics
14. Core Utilization
15. Memory Utilization
16. VOIP
17. SPAM
18. Connected Devices
19. VPN Tunnels
20. URL Rating
• Large Ecosystem of collectors
• Historical Reporting
• Alerts
Thank you.
www.sonicwall.com