Improved sandboxing, integrations with other Dell technologies, and a firewall sandwich were among the technologies discussed.
LAS VEGAS – At the Dell Security Peak Performance conference in Las Vegas, Dell revealed the details of its upcoming product road map for SonicWALL products. While the product road map is generally the most anticipated part of any vendor event for the partners in attendance, it is generally hard to get that information if you are not at the event. Most vendors who have interesting stuff on the product road map impose media blackouts on the information to keep it out of competitor hands. Dell was no different at Peak. Patrick Sweeney, Dell SonicWALL’s Executive Director, Product Management, gave a keynote on the product roadmap, but the media in attendance were able to report none of it. However, while the product road map is off limits, the technology roadmap, which conveys much the same information without tying it to specific product release timing and pricing, is not.
Dell SonicWALL’s basic design philosophy itself is not new.
“Inspect everything, said Boris Yanovsky, VP Development Engineering and CTO, Dell Security, in his engineering keynote. “The real protection does not come from firewalling. Just blocking ports or IPs or certain applications doesn’t really give you full protection. Sooner or later, somebody is going to come in, and through social engineering or whatever, they are going to figure out your passwords and access. You need to make sure all the traffic that comes in and out of the organization is fully inspected and protections are applied. This has been a core belief of SonicWALL for a long, long time.”
Yanovsky told Dell partners that while most of them likely tune their SonicWALL firewalls, they shouldn’t.
“The focus has always been on how to best protect your network,” he said. “Even though we give a lot of granular control and you can disable this signature or that signature, we actually do not encourage you to tune our firewall. Every time you disable say, a Linux signature because you aren’t running Linux, what you actually do is enable someone like Kevin [guest speaker and hacker Kevin Mitnick] to go through a very simple attack, figure out what operating system you are running, and what your patch level is. Please don’t tune our firewalls. People tune to improve performance but we can take care of that in another way. We’ve got technology. We’ve got the hardware. You don’t need to worry about performance improvement when you are running our technology.”
A key improvement on the roadmap is improved sandboxing. Yanovsky said that because today’s worst threats are persistent, the best way to scan them is to stop them early and often, to get them before they can deliver their big payload.
“To do this, we need to shorten the response time between us detecting malware and deploying signature protections,” he stated. “So we started thinking about how to change the sandboxing world in the same way we changed intrusion prevention and gateway antivirus, so you don’t have to wait for alerts to come out of the sandbox, to tell you, oh by the way, somebody downloaded a virus on your network, an hour ago. It’s better to know than not to know, I grant you that, but even better would be to stop it as the threat happens.”
The answer, which Yanovsky illustrated in a demo, is accessed through a new sandboxing tab in the firewall security services.
“You just need to enable it and check the box ‘Block until Verdict,’” he said. “It holds the connection while the analysis is going on. The firewall will slow down the traffic and there will be some latency induced while holding that connection while the analysis is going on. Immediately the verdict is made, if it’s deemed malicious, the blocking will happen. Once we do the blocking, you will see a report with its connections, what it addresses it communicated with, files it had modified, registry keys and behaviors that determined if it was malicious or okay.”
The improved sandboxing will run in multiple environments in the SonicWALL cloud.
“That’s one solution how we are bringing a high-end enterprise approach to SMBs as a true inline protection and prevention,” Yanovsky said. He indicated the beta would start early next year, likely in January or February.
Yanovsky also shared details on the integration being done between SonicWALL and other Dell technologies.
“One we are working on is integrating our switches made by Dell Networking with SonicWALL,” he said. “We have started the integration where you acquire the switches inside the UI, which are managed through our firewall, so when you deploy wireless you have a seamless integration where with one switch you can provision that switch to run your SonicPoints [access points]. You will also be able to provide that capability from our GMS [Global Management System], where it’s all managed from a seamless single pane of glass.”
Yanovsky indicated that the switches will be integrated first, and the SonicPoints next.
“We will start with the x series switches which are more SMB,” he said. “GMS is such a powerful technology, that we want it to do more.”
Another key integration involves the Dell Data Protection encryption technology acquired with Credent. Today, at the network encryption layer, you can crack open a package to inspect it, but at the file level, you can’t today, since that involves too many risks.
“We are working on an encryption with your corporate key, not your personal one that everyone knows,” Yanovsky said. “That’s what Dell Data Protection does. Once the document is encrypted with your corporate key you can put it out on Box because the only people who can see it are authorized to do so.”
“What we are working on in the lab is the ability to share a key between the endpoint and the firewall,” said Tim Brown, Executive Director for Security, Dell Software Group. “We can see if something is encrypted today. Seeing if it’s encrypted with a corporate key while blocking other encryptions and unencrypted traffic can’t be done today, but we are working on that. This is something that’s short term. It won’t be five years.”
WAN acceleration technology is also being integrated into the GMS.
“This has been a separate box and a lot of customers don’t want that,” Yanovsky said. “Once it is part of the GMS deployment, this will also significantly reduce the amount of logs and allow you to provide additional services.”
In identity and access management (IAM), Yanovsky said they are working on accessing applications with more granular control.
“We are seeing a shift from implementers and operators thinking that access is an asset to seeing it as a liability, where it is their fault if the access directory gets hacked over the account,” Brown said. “If you give full access with controls it minimizes risk. In the identity space, we are very interested in the big pictures of analytics for insider threat detection. We have done this internally, and are figuring out how to commercialize it. We will see something shortly, most likely early next year, the beginning of our fiscal year [in February]. You will also see huge improvements in data access going forward, with more classification on the meaning of words and documents and how they fit together.”
Also fairly close is the “firewall sandwich,” an open Layer 3 architecture which can scale to meet hyperscale and carrier demand.
“These largely provide additional protection in addition to a firewall already in place that the customer wants to keep, and a lot of these deployments have gotten bigger and bigger,” Yanovsky said. “The firewall sandwich concept is less about traditional stateful firewalling and more about inspecting everything, to analyze it and stop it if it doesn’t apply to the policy or if there is more malicious context.”
In response to a question, Yanovsky also clarified where Dell SonicWALL is at with multi-tenancy, which was announced last year at Peak to great fanfare, and hadn’t been on the agenda at all this year.
“A lot of it is done, but it has been a major undertaking because every data structure, every path in the code, which was written from scratch, had to be modified for the additional parameters,” he said. “We don’t want to roll it out and have it crash. It’s not quite in the final stages, but most has been converted. A couple things still need to be done.”