SSi Service Strategies Inc.

Intrusion Prevention


SonicWALL Intrusion Prevention Service

Malicious network attacks targeting application vulnerabilities have been plaguing networks since Nimda and Code Red in 2001 and SQL Slammer and MS Blaster in 2003, infecting computers worldwide. In the past year alone, these viruses have cost over $50 billion in damages. More recently, threats have come from the use of peer-to-peer and instant messenger applications, including the recent Mydoom virus, which was propagated through the file sharing application Kazaa as well as through e-mail. Changes in the method and delivery of attacks have emphasized the need for enhanced detection and prevention capabilities of the firewall protecting the network at the perimeter.

SonicWALL responded to these threats by adding a new Intrusion Prevention Service (IPS), based upon an advanced Deep Packet Inspection engine, to its distributed enforcement architecture. Deep Packet Inspection technology enables the firewall to more thoroughly investigate an incoming protocol by examining information at the application layer to defend against attacks. SonicWALL’s Deep Packet Inspection engine can also be used for other functions such as anti-virus scanning, application identification, XML filtering, spyware, peer-to-peer and instant messenger application prevention.

SonicWALL Intrusion Prevention Service (SonicWALL IPS) delivers a configurable, high-performance Deep Packet Inspection engine for extended protection of key network services such as Web, e-mail, file transfer, Windows services and DNS. SonicWALL IPS is designed to protect against application vulnerabilities as well as worms, Trojans, and peer-to-peer, spyware and backdoor exploits. The extensible signature language used in SonicWALL’s Deep Packet Inspection engine also provides proactive defense against newly discovered application and protocol vulnerabilities. SonicWALL IPS offloads the costly and time-consuming burden of maintaining and updating signatures for new hacker attacks through SonicWALL’s industry-leading Distributed Enforcement Architecture (DEA). Signature granularity allows SonicWALL IPS to detect and prevent attacks on a global, attack-group, or per-signature basis to provide maximum flexibility and control false positives.

SonicWALL IPS is managed directly from the SonicWALL Security Appliance. Alternatively, SonicWALL Global Management System (SonicWALL GMS) provides global management capabilities that enable administrators to manage SonicWALL IPS across multiple SonicWALL Security Appliances from a central location. SonicWALL GMS and SonicWALL ViewPoint solutions allow administrators to create detailed reports based on attack source, destination and type of intrusion, such as “Top Intrusions,” “Destinations Over Time” and “Intrusions Over Time.”

Key Features & Benefits

- High Performance Deep Packet Inspection Technology
  SonicWALL’s Intrusion Prevention Service features a configurable, high-performance Deep Packet Inspection engine that uses parallel searching algorithms on incoming packets through the application layer to deliver increased attack prevention capabilities over those supplied by a traditional stateful packet inspection firewall. By performing all of the matching on packets, SonicWALL IPS eliminates the overhead of having to reassemble the data stream. Parallel processing reduces the impact on the processor and maximizes available memory for exceptional performance on SonicWALL appliances.
- Inter-Zone Intrusion Prevention
  SonicWALL IPS provides an additional layer of protection against malicious threats by allowing administrators to enforce intrusion prevention not only between each network zone and the Internet, but also between internal network zones. This is performed by enabling intrusion prevention on inbound and outbound traffic between trusted zones (SonicOS Enhanced).
- Extensive Signature Database
  SonicWALL IPS utilizes an extensive database of over 1,700 attack and vulnerability signatures written to detect and prevent intrusions, worms and application exploits, as well as peer-to-peer and instant messaging traffic. The SonicWALL Deep Packet Inspection engine can also read signatures written in the popular Snort format, allowing SonicWALL to easily incorporate new signatures as they are published by third parties. SonicWALL maintains a current and robust signature database by incorporating the latest available signatures from thousands of open source developers and by continually developing new signatures for application vulnerabilities that are not immediately available or provided by open source.
- Dynamically Updated Signature Database
  SonicWALL IPS includes automatic signature updates delivered through SonicWALL’s Distributed Enforcement Architecture (DEA), providing protection from emerging threats and lowering total cost of ownership. Updates to the signature database are dynamic for SonicWALL firewalls under an active subscription.
- Scalable
  SonicWALL IPS is a scalable solution for SonicWALL TZ 170 and PRO Series Appliances that secures small, medium and large networks with complete protection from application exploits, worms and malicious traffic.
- Application Control
  SonicWALL IPS provides the ability to prevent Instant Messaging and Peer-to-Peer file sharing programs from operating through the firewall, closing a potential backdoor that can be used to compromise the network while also improving employee productivity and conserving Internet bandwidth.
- Simplified Deployment and Management
  SonicWALL IPS allows network administrators to quickly and easily manage the service within minutes. Administrators can create global policies between security zones and interfaces as well as group attacks by priority, simplifying deployment and management across a distributed network.
- Granular Policy Management
  SonicWALL IPS provides administrators with a range of granular policy tools to enforce IPS on a global, group, or individual signature level to enable more control and reduce the number of false positives. SonicWALL IPS also allows administrators to choose between detection, prevention, or both to tailor policies for their specific network environment.
- Logging and Reporting
  SonicWALL IPS offers comprehensive logging of all intrusion attempts with the ability to filter logs based on priority level, enabling administrators to highlight high-priority attacks. Granular reporting based on attack source, destination and type of intrusion is available through SonicWALL ViewPoint and Global Management System. A hyperlink of the intrusion brings up the signature window for further information from the SonicWALL appliance log.
- Management by Risk Category
  SonicWALL IPS allows you to enable/disable detection or prevention based on the priority level of attack through High, Medium, or Low predefined priority groups.
- Detection Accuracy
  SonicWALL IPS detection and prevention accuracy is achieved by minimizing both false positives and false negatives. Signatures are written around applications, such as Internet Explorer or SQL Server, rather than ports or protocols to ensure that malicious code targeting them is correctly identified and prevented.


Certified SonicWALL Sales Experts

Service Strategies Inc.

2392 Mount Vernon Rd

Dunwoody, GA 30338-3092

678-441-0020   800-662-1615

assist@ssimail.com

Copyright © 1998 - 2008 Service Strategies Inc. All rights reserved.
Revised: February 01, 2008.