The story of SonicWall has been very public, from the acquisition by Dell to the release back to an independent private organization. Outside observers like myself have been waiting to see what comes next and if SonicWall can rise to the competition. This week, in a press release and a series of regional conferences, SonicWall has revealed that it has every intention to make up ground and move to the forefront. I was in attendance at their west coast conference and was able to dive deeper into their announcements and hear their strategy directly from Bill Conner, President and CEO of SonicWall. Here are some highlights and opinions from what I saw.
In case you missed it, here is a summary of what was announced:
- SonicOS 6.5 released
- New NSA 2650 firewall (new hardware)
- New SonicWave 802.11ac Wave 2 access points
- SonicWall Cloud Analytics
- Secure Mobile Access OS 12.1 released
Not in this press release but also relevant news:
- SonicWall announces a partnership with SentinelOne to provide automated real-time breach detection, prevention, and remediation from the endpoint to the firewall.
- Email Security 9.0 – Capture on email security.
- Capture 2.0 back-end improvements
Within some of the bullet points there are many changes and additions; in some cases too many to list here, but let’s go over the major points.
There are a total of 60+ changes to SonicOS 6.5. Some of these are minor, and others will have a large impact on how you manage your device. I will cover some of the main change highlights and summarize some of the other notable updates.
With the release of SonicOS 6.5, SonicWall has completely changed the user interface (UI) and brought it up to modern standards. SonicWall has put most of their resources into improving the user experience (UX) and providing at-a-glance information front and center. Additionally, digging deeper into the data is easier and you can create policy directly from almost anywhere you find something you need to manage. You can see a video here (7:05 minutes) of a walkthrough of the new interface. Essentially, this UI change brings SonicWall’s aging interface to a modern HTML implementation with a streamlined flow and more graphical representation of information.
Another enhancement includes cloud-enabled configuration backup and recovery at no additional cost. This allows you to save the last 3 configurations to the cloud and restore them in the event you lose local configuration files or make a change that renders your local configuration inoperable.
Other notable improvements are around wireless support and monitoring such as:
- AirTime Fairness (Reduces the impact of a slow device on the remaining devices’ throughput.)
- Built-in radio repeater mode
- AP MiFi Extender
- AP dynamic VLAN segmentation
- AP real-time monitoring visualization
- AP Client fingerprinting and reporting
- Wireless Forensic Packet Capturing
NSA 2650 Firewall
The new NSA 2650 is the industry’s first firewall with 2.5GbE ports, so you can connect 802.11ac Wave 2 access points at full connection speed while reducing the number of ports required and the need for additional switching. As with most hardware refreshes, they have increased the performance by 2x versus the NSA 2600.
One of SonicWall’s main security features is their ability to perform deep packet inspection (DPI) of SSL/TLS (encrypted) traffic. Studies show that an estimated 60% of all traffic is encrypted through HTTPS connections and can be missed by traditional inspection methods. SonicWall allows those secure connections to be decrypted at the firewall, inspected, and re-encrypted as they are passed on to the end user. The NSA 2650 shows the first of SonicWall’s efforts to improve throughput at scale and the NSA 2650 will be able to inspect up to 20x more encrypted connections simultaneously.
SonicWall recognizes that, though High Availability (HA) is recommended, you still need a resilient firewall. Power supplies are one of the most common failures on any hardware appliance due to their moving parts, higher temperatures, and constant operation. They have added an option for redundant power supplies to reduce the possibility of failure.
Since most organizations have the same appliance for 3-5 years, SonicWall also added expansion modules to increase capabilities over time, as well as adding additional storage for on-appliance logging.
SonicWave 802.11ac Wave 2 Access Points
SonicWave access points will be replacing the existing SonicPoint product line and will be bringing enterprise-grade wireless along with SonicWall’s first ever outdoor access point. These access points support full Wave 2 throughput with 4×4 antennas and multi-user MIMO.
The new SonicWave APs have three radios, two for traffic and one for the Wireless Intrusion Detection System (WIDS), which can identify and locate rogue access points. This helps detect the use of pineapples being deployed with malicious intent.
SonicWave APs also all support 4G LTE USB modems for primary or secondary data connectivity. Since most firewalls are deployed in closed rooms with poor reception, moving the 4G modem to an access point with better visibility and reception makes a lot of sense.
Finally, the SonicWave access points come with a Bluetooth BLE radio. This radio has limited functionality at launch but will be used for location tracking for retail and hospitality. Using the Bluetooth BLE beacons, SonicWall can enable features for inventory tracking, push notifications and promotions in retail, and navigation for hotels, resorts, and hospitals.
SonicWall’s Partnership with SentinelOne
SonicWall is addressing a technology gap compared to other security manufacturers by partnering with SentinelOne for visibility and communication to the desktop. From the press release: “By combining the two solutions, SonicWall and SentinelOne will allow administrators to not only create policies to determine which individuals must run the endpoint solution on their devices, but also add controls to ensure that devices are running the endpoint client, if required. Through the partnership, SentinelOne and SonicWall will also offer threat intelligence sharing – combining the industry’s fastest conversion from unknown to known malware via the SonicWall Capture Threat Network with the addition of threat intelligence from SentinelOne endpoint data. Additionally, the combined solution brings key features including:
- Policy-based enforcement, compliance, quarantine, and remediation
- Cloud-based centralized management and analytics
- Dynamic detection with behavioral models and machine learning
- Automatic remediation of ransomware and other advanced threats
SonicWall Capture is SonicWall’s take on protecting your environment from zero-day attacks. They have incorporated this integration into more platforms in their portfolio including the firewall, email security, and Secure Mobile Access (SMA) appliance. This solution uses several layers of security controls and multi-engine sandboxing to help identify new and unknown threats. Files are blocked until verdict, which means downloads and attachments are not able to be received until the system knows they are safe.
This is a cloud-based solution, which reduces up-front costs and allows it to be scalable for organizations of every size. Those companies that have highly sensitive information or a government mandate may not be able to use this solution because the files are shared with the cloud and examined.
As we go through these announcements, and we have just scratched the surface, we can see that SonicWall is back to being a security company focused on innovation. These changes are foundational and, in most cases, bring them up to the level of the competition. However, if they continue to develop and innovate at this pace they can recapture their position as a top-tier security provider.