A surge in ransomware attacks in Q1 re-emphasizes the value proposition of SonicWall’s integrated portfolio of solutions, which now combines the Capture Cloud Platform working in concert with other devices in the data centre.
Security vendor SonicWall has made a series of new product announcements, with the jewel in the crown being the new SonicWall Capture Cloud Platform. Its new components include the Capture Security Center for device management, SonicWall Capture Advanced Threat Protection cloud sandbox service that leverages the SonicWall Real-Time Deep Memory Inspection [RTDMI] introduced earlier this year, which is now being enhanced. Another component in the new platform is the SonicWall Capture Client, that comes from SonicWall’s partnership with SentinelOne. SonicWall also unveiled a new NSv virtual firewall series, and a new Web Application Firewall. They also refreshed their next-gen NSa firewalls, something that would have been the feature announcement here not long ago, but which has now been subsumed somewhat given SonicWall’s – and the industry’s – move to focus on integrated platforms rather than point products.
“We are making a series of six new announcements around tactical products we are launching, which are centred around the firewall,” said John Gordineer, SonicWall’s director of product marketing. “The second element of the announcement is more around our security technology, with the introduction of the Capture Cloud Platform. We are also announcing the enhancement of our RTDMI [Real-Time Deep Memory Inspection] technology that we introduced in January, which resides within the Capture Cloud Platform.
The Capture Cloud Platform is the central feature of it all, which Gordineer said is well-timed to a surge in activity in the threat landscape.
“Our 2018 SonicWall Cyber Threat Report found that ransomware attack volume was down last year, but that they developed twice as many new FORMS,” Gordineer said. “The volume dropped off, but they were retooling the ransomware kits, so that we thought that the numbers might come up. Thus far, at the end of March, it’s up 226 per cent year over year. Given this resurge in ransomware, combining all this threat intelligence in the Capture Cloud program is well-timed. It now takes a cloud with a lot of stuff in it, combined with on-prem devices, to protect adequately.”
The SonicWall Capture Cloud Platform combines threat detection, threat intelligence and threat management, to supplement SonicWall’s hardware, virtual appliances and endpoint clients.
“The Capture Security Centre covers all firewalls a partner manages for all of their customers,” Gordineer said. “It’s a key product launch for us, a lynchpin product. It provides a cloud-based, unified single pane of glass experience. As a part of that, we have an intuitive dashboard that gives them access on all the threat data we accumulate – tying it together to provide them with a customized experience, so they can see the data that affects THEIR customers.”
The SonicWall Capture Client is a unified, next-generation endpoint protection solution with ‘rollback’ capabilities.
“This is the first product from our partnership with Sentinel One,” Gordineer said.”It brings machine learning to the endpoint, with a highly secure next-gen AV client.” It adds a remediation capability, in that, in the event of a breach, all that has to be done is ‘point and click’ to go right back to the previous version.”
“This ability to attach next-generation AV is really important for many of our partners,” said Steve Pataky, SonicWall’s Senior Vice President of Worldwide Sales and Channel, and Chief Revenue Officer. “It provides a lot of opportunity for incremental value. It gives them a quasi-incident response tool, in letting a partner quickly restore an SMB endpoint to a previous state. This makes it a much stickier service for the partner.”
The SonicWall Capture Advanced Threat Protection cloud sandbox service, which blocks malware and zero-day threats until it is determined to be safe has been enhanced with new functionality.
“RTDMI takes control of a suspect application and forces it to reveal itself,” Gordineer said. “Since we introduced it in February, it has been highly effective, and has found 3500 attacks that never had been seen before in the wild. Now we are enhancing it with specific protection for PDF and Office documents.
Two products, NSv virtual firewalls and a Web Application Firewall [WAF], have been added to protect virtual environments.
The Network Security Virtual firewall is a code-complete version of our SonicOS firewall designed to work in virtual environments,” Gordineer said. “The WAF can be used to protect web apps and provide SSL application protection. That one is an add-on that will open up new markets for our partners.”
Finally, the NSa 3650, 4650 and 5650 next-generation firewall appliances for encrypted traffic analysis were announced.
“This last product would have been the first one we talked about a couple years ago,” Gordineer said. “It is a brand new series of hardware appliances, which offer significantly higher performance on SSL encypted connections. It makes it easy to use for SSL scanning.”
“When we became independent again. we really reinvested in R&D, and this series of releases really shows that,” Pataky said. “We have productized our threat intelligence capability for our channel partners.”
Informational and training materials have been available to partners for some time
“We started the education around these well in advance,” Pataky said. “This includes arguably our largest betas ever around these products, extending channel reach far farther than in the past. We have had content up on SonicWall University for well over a month, to make sure field sales and partners are prepared when these hit the streets.”