Professional Documents
Culture Documents
A New Set OF: Network Security Challenges
A New Set OF: Network Security Challenges
A New Set OF: Network Security Challenges
A NEW SET
OF NETWORK
SECURITY
CHALLENGES
A new IDG survey reveals
optimism about the ability of nextgeneration firewalls to help IT
balance productivity and security
ALSO INSIDE
+WHY PROTECTION & PERFORMANCE MATTER +
>
>
With two issues becoming increasingly crucial, IT faces conflicting mandates from
the business. On one hand, employees demand access from devices beyond the
firewallsmartphones, tablets, home PCs and laptops. On the other hand, risk man-
agement dictates corporate data must remain protected. The overarching challenge:
Within that mandate, however, lie several other challenges, according to a new survey
conducted by IDG Research Services on behalf of Dell. The survey was conducted in
October of 2012 and reflects the insight of more than 250 IT professionals at companies with more than 500 employees. It reveals the depth with which network administrators must juggle these competing factors. The issues facing IT go beyond security
to encompass network bandwidth as well.
Just as technology has caused these problems, technology may also be the solution.
>
A new generation of firewall technology, designed with current security and network-
ing issues in mind, promises to give IT a way to solve its multisided puzzle.
>
>
they are. Respondents also tend to view their organizaSimilarly, a traditional firewall doesnt have the ability
>
>
INCREASED AWARENESS,
INCREASED DEPLOYMENT
A NEXT-GENERATION
FIREWALL IS LIKE THE
AIRPORT SECURITY
AGENT WHO OPENS THE
LUGGAGE, INSPECTS ITS
CONTENTS AND MAKES
A DECISION ABOUT
WHETHER IT ALLOWS THE
CONTENTS TO TRAVEL.
arrangements will only increase in the future, the importance of having the capabilities of NGFs only increases.
The key to the value of NGFs is that they have the ability
to increase productivity all around. Its not just the
productivity of employees using mobile devices. Its also
the ability of the network to handle more mission-critical
activities without bandwidth constraint. And finally,
NGFs aid the productivity of IT administrators, who can
take advantage of an integrated device that outperforms
traditional firewalls in mitigating risks associated with
trends on the upswing. n
>
>
Abstract
Protection and performance go hand-in-hand for NextGeneration Firewalls (NGFWs). Organizations should not have
to sacrifice throughput and productivity for security. Outdated
firewalls pose a serious security risk to organizations since
they fail to inspect data payload of network packets. Many
vendors tout Stateful Packet Inspection (SPI) speeds only, but
the real measure of security and performance is deep packet
inspection throughput and effectiveness. To address this
deficiency, many firewall vendors adopted the malware inspection approach used by traditional desktop anti-virus: buffer
downloaded files, then inspect for malware. This method not
only introduces significant latency and but also poses significant security risks since temporary memory storage can limit
the maximum file size. Independent NSS Lab tests demonstrate
that the Dell SonicWALL SuperMassive E10800 NextGeneration Firewall incorporating multi-core architecture and
Reassembly-Free Deep Packet Inspection (RFDPI) overcome
these limitations to provide enterprises with both extremely
high-levels of protection and performance that they require.
>
Extra-firewall input
User-ID awareness enables administrators to enforce application policies based on AD user/group (without having to trace
IP address to user ID), adding insight into usage and traffic.
Adaptability
Another important capability of NGFWs is the dynamic adaptation to changing threats. Dell SonicWALL constantly updates
their devices with new signatures to stop threats and stay on
top of the evolving malware landscape.
The first flaw was the introduction of latency while the file is
buffered with file size limitations. Firewall vendors have worked
around this issue by sending keep-alive packets to prevent this,
yet the overall effect is the introduction of latency. The use of
memory to buffer files for inspection causes not only additional
latency but also a space issue which is addressed by limiting the
overall file size to a preset amount (generally 100MB). The use of
the Internet is growing and sharing of larger files is increasing;
hybrid SPI/malware detection technology does not scale.
Performance
In order to achieve the highest return on investment (ROI) for
bandwidth services and optimize an organizations productivity
level, while still ensuring maximum security, IT needs to make
sure that traffic is thoroughly scanned with minimal latency
for optimal throughput. To meet these requirements, multigigabit throughput rates have become standard for NGFWs.
Dell SonicWALL NGFW solutions can improve performance
significantly by applying patented Dell SonicWALL RFDPI2 technology to enable DPI without buffering and packet reassembly.
From a hardware perspective, Dell SonicWALL NGFWs can also
maximize throughput by incorporating parallel processing over
advanced multi-core architecture.