SonicWALL To Offer Intrusion Detection And Prevention Capabilities

This new technology will deliver a configurable, high performance stateful signature engine for extended protection to key Internet services such as Web, e-mail, file transfer, Windows services, and DNS. This enhances the payload inspection technology currently driving SonicWALLs Complete Anti-Virus rapid e-mail attachment blocking and SonicWALLs Content Filtering Service. The new capabilities are designed to protect against known buffer overflow vulnerabilities in software, as well as various worms, Trojans, and peer-to-peer, spyware and backdoor exploits. The extensible signature language used in the deep packet inspection engine will provide a proactive defense against newly discovered application vulnerabilities. Malicious attacks targeting application vulnerabilities have been plaguing networks since Nimda and Code Red in 2001 and SQL Slammer and MS Blaster in 2003 infected computers worldwide. Costs associated with these attacks grew to over $50 billion last year alone. More recently, threats have come from the use of peer-to-peer and instant messenger applications, including the recent Mydoom virus, which was propagated through the file sharing application Kazaa as well as through e-mail. Changes in the method and delivery of attacks have led to the need to enhance the detection and prevention capabilities of the firewall protecting the network at the perimeter. The SonicOS security engine currently recognizes and protects against various traffic anomalies, port scanning reconnaissance activities, various packet level intrusion and Denial of Service attacks, as well as actively blocking forbidden, unwanted, or malicious URLs and Web-based content, including spyware, cookies, ActiveX, and Java archives. In addition, the security engine works in conjunction with dynamic security service updates from SonicWALL to provide real-time deep packet inspection blocking of malicious e-mail. Features of the new Intrusion Prevention Service include: Deep Packet Inspection Engine – The SonicWALL Deep Packet Inspection framework supports complete signature matching across ordered TCP fragments without performing any reassembly. In the case where packets arrive out of order, they are buffered and reordered by the Deep Packet Inspection Engine. This method of packet processing results in more efficient use of processor and memory for greater performance. Signature Database – The SonicWALL Intrusion Prevention Services ships with 1,700 stateful signatures that detect and prevent against application exploits, vulnerabilities, worms and network attacks in over 50 protocols, providing comprehensive protection from malicious attacks. Additional signature categories include the ability to block popular instant messenger and peer-to-peer applications from traversing the SonicWALL appliance. Signature Updates – Signatures of new exploits, vulnerabilities, worms and attacks are automatically downloaded to the SonicWALL appliance through SonicWALL’s distributed enforcement architecture for all customers with an active subscription. The distributed enforcement architecture reduces the total cost of managing an Intrusion Prevention deployment by ensuring that signatures are always up to date. Policy Management – The SonicWALL Intrusion Prevention Service simplifies deployment and management through pre-configured global policies and grouping of attacks by priority. In addition, the policy includes granular configurability to remove false positives by allowing signatures to be individually set to detect and/or prevent. Central Management – The SonicWALL Intrusion Prevention Service is centrally managed through the SonicWALL Global Management System. This award-winning management capability eases the total cost of ongoing management o