Web Application Firewall

Transcription

SonicWall Web Application Firewall offers a comprehensive foundation for web application security, data leak prevention and performance, on-prem or in the cloud.

The SonicWall Web Application Firewall (WAF) Series enables a defense-in-depth strategy to protect your web applications running in a private, public or hybrid cloud environment. It offers a complete, out-of-box compliance solution for application-centric security that is easy to manage and deploy.

The SonicWall WAF is a full-featured web application firewall that arms organizations with advanced web security tools and services to protect their data and web properties against modern, web-based threats. It applies deep packet inspection of Layer 7 web traffic against a regularly updated database of known signatures, denies access upon detecting web application vulnerabilities and redirects users to an explanatory error page. This helps keep compliance data unexposed and web properties safe, undisrupted and in peak operating performance. WAF learns, interrogates and baselines regular web application usage behaviors and identifies anomalies that may be indicative of attempts to compromise the application, steal data and/or cause service disruption.

WAF employs a combination of signature-based and application profiling deep packet inspection. Its high performance real-time intrusion scanning engine uses event-driven architecture to dynamically defend against evolving threats. These include those outlined by the Open Web Application Security Project (OWASP), as well as more advanced web application threats like Denial of Service (DoS) attacks and context-aware exploits.
Moreover, WAF also prevents data loss with data masking and page-blocking techniques for specified patterns of sensitive data like Payment Card Information (PCI) and government-issued identification.

For optimal protection against malicious downloads, malware injections or advanced threats, WAF leverages SonicWall Capture Labs threat research. It also adds SonicWall Capture Advanced Threat Protection (ATP) and Real-Time Deep Memory Inspection (RTDMI™) service options to its suite of web security services. Additionally, APIs are provided to give administrators the ability to monitor and orchestrate WAF operations programmatically for improved web security automation and efficiency.

Benefits:

Web Application Threat Management
- Shrink attack surface with full management and control of web application traffic
- Interrogate the behavior and logic of web communication beyond protocol activities
- Detect and alert on anomalies in web application behavior

Web Application Protection
- Protect against known and zero-day vulnerabilities with Capture ATP, virtual patching and custom rules
- Defend against latest vulnerabilities and threats outlined by OWASP Top Ten
- Preserve web servers' integrity and performance against application DoS/DDoS attacks

Data Leak Prevention (DLP)
- Prevent data theft via data masking and page-blocking techniques
- Bar attackers from gaining access to users' accounts and all accounts on web servers with precise access security controls

Accelerate Application Delivery
- Enable caching, compression and other HTTP/TCP optimizations to accelerate application delivery
- Reduce workload and boost performance by offloading SSL transactions
- Perform Layer-7 load balancing to distribute the load across clustered web servers

[Figure: Capture cloud sandbox with four engines (A Hypervisor, B Emulation, C Virtualization, D RTDMI); block until verdict sent]

Cross-vector threat intelligence

Capture Labs performs threat hunting and intelligence sharing across the entire SonicWall security ecosystem including WAF. The research team vets cross-vector threat information from a variety of sources, including a million globally placed security sensors, while continuously developing and patching WAF with dynamic threat signatures for up-to-date web application protection.

Multi-engine advanced threat analysis

SonicWall Capture ATP Service extends web application protection to detect and prevent zero-day attacks. Suspicious file downloads or injections are sent to the SonicWall Capture ATP service in the cloud for analysis using deep learning algorithms. It has the option to hold them at the gateway until a verdict is rendered.

Unique only to SonicWall, this multi-engine sandbox platform applies a combination of third-party and proprietary static and dynamic processing tools for threat prevention. These include a pool of over 60 reputable virus scanners, RTDMI, virtualized sandboxing, full system emulation and hypervisor level analysis technologies.

Simultaneously, each inspection technique executes suspicious code and analyzes behavior and provides comprehensive visibility to malicious activity.
At the same time, it resists evasion tactics for optimized zero-day threat discovery and defense.

Let's Encrypt integration

To help organizations deliver greater security to website visitors and elevate their SEO placement, WAF integrates with the Let's Encrypt service. This complimentary Certificate Authority (CA) service includes issuing, monitoring, renewing and decommissioning certificates, for easy SSL/TLS certificate life-cycle management. Because the service is completely managed by the SonicWall WAF, customers can easily implement HTTPS for their websites.

Economy of Scale

WAF provides economy of scale benefits of virtualization and can be deployed as a virtual appliance in private clouds based on VMware or Microsoft Hyper-V, or in AWS or Microsoft Azure public cloud environments. This gives organizations all the security advantages of a physical WAF with the operational and economic benefits of virtualization, including system scalability and agility, speed of system provisioning, simple management and cost reduction.

Acceleration features, including load balancing, content caching, compression and connection multiplexing, improve performance of protected websites and significantly reduce transactional costs. A robust dashboard provides an easy-to-use, web-based management interface. This features a status page overview of all monitoring and blocking activities, such as signature database status information and threats detected and prevented since boot-up.

The WAF Series is available in four website models that represent their licensed inspection capacities to accommodate various monthly traffic volumes with unlimited domains. The subscribed Licensed Capacity activates WAF's complete suite of security services up to the prescribed monthly capacity. Services include Capture ATP with RTDMI technology to inspect web traffic and web transactions. The capacity then resets each month. Licensed Capacity options are stackable to address growing capacity needs.

WEBSITE MODEL | LICENSED CAPACITY
PRO | 10 GB per Month
SMALL | 50 GB per Month
MEDIUM | 200 GB per Month
LARGE | 500 GB per Month

[Figure: SonicWall Web Application Firewall diagram. Labels: User, Bot, Hacker, Web Server(s), Website SME; Known Web Threat Prevention, Anti-Evasion Protection, Application Load Balancing, Custom Rules & Patterns, content updates based on threat research, submitting files for sandboxing]

Deployment options

SonicWall WAF can be deployed on a wide variety of virtualized and cloud platforms for various private/public cloud security use cases. The WAF Series is available for deployment on the following platforms:

1. Private Cloud:
   - VMware ESXi
   - Microsoft Hyper-V
2. Public Cloud:
   - Amazon Web Services (AWS)
   - Microsoft Azure

Summary of WAF Features

Web Application Security
- OWASP Top 10 Protection
- CSRF Protection
- Cookie Tampering Protection
- Website Fingerprint Detection
- Sensitive Data Protection - Masking and Blocking
- Rate Limiting and DoS Protection
- Anti-evasive inspection
- Automatic Signature updates
- Web Application Profiling & Auto-Rule Generation
- Access Policies (using Geo, IP, URL or User)
- Custom Rules & Rule-chaining
- Custom Error response

Botnet Protection
- Geo-IP- and Threat Intel-based protection filtering
- Blacklisting and Whitelisting
- Blocking and Captcha-based Remediation Support

Secure Web Application Delivery
- Secure Web App. Offloading
- SSL Inspection & PFS
- Session Logout Timer
- Secure Session Logout
- Layer-7 Load Balancing
- HTTP Strict Transport Security (HSTS) Support
- Web App. Health Monitoring
- Web App. Acceleration - content caching, compression and TCP optimization
- Let's Encrypt service
- Authentication with MFA support

Capture advanced threat protection
- Real-Time Deep Memory Inspection
- Cloud-based multi-engine analysis
- Virtualized sandboxing
- Hypervisor level analysis
- Full system emulation
- Broad file type examination
- Automated and manual submission
- Real-time threat intelligence updates
- Block until verdict

Administration
- Customizable Web Portal with CLI Support
- Admin Authentication via AD/LDAP, RADIUS and Certificate
- Automatic Software Updates
- API Support

Monitoring & Reporting
- SNMP Support
- Event / Audit Logging & Syslog
- Email alerts
- System monitoring & Diagnostics
- Threats Dashboard
- Health Dashboard
- PDF Report Exports

Platforms & Licensing
- VMware & MS Hyper-V and AWS & MS Azure (BYOL)
- Subscription License based on capacity

Partner Enabled Services

Need help to plan, deploy or optimize your SonicWall solution? SonicWall Advanced Services Partners are trained to provide you with world class professional services. Learn more at www.sonicwall.com/PES.

Features

Web Application Security and Bot Protection

OWASP Top 10 Protection: Protection of web applications from top 10 known attacks from the Open Web Application Security Project (OWASP) including SQL Injection, XSS/CSRF, Web Fingerprinting, etc.

Sensitive Data Protection: Prevent sensitive data loss with the ability to block pages presenting sensitive data and mask Personally Identifiable Information (PII) like credit card numbers and social security numbers.

Session Management Controls: Provide strong session management and authentication capabilities to enhance the authorization requirements, such as One Time Password, Two-factor Authentication, Single Sign-On, and client certificate authentication.

Web-Form Input Validation: Inspect and validate client requests for possible malicious code to protect the backend servers from transactions that could allow hackers to bypass security defenses.

Session Hijacking Monitoring: Detect eavesdropping, intrusion and even theft of a web session to help prevent malicious actions taken by the attacker.

Secure Session Logout: Provide the ability to safely and securely log out of a Web App that has been authenticated by a WAF.

Perfect Forward Secrecy (PFS) prevention: Protect past sessions against future compromises of secret keys or passwords.

Deny Cross-Site Request Forgery (CSRF) attacks: Recognize and prohibit malicious websites from sending illegitimate requests to a web application that a user is already authenticated against from a different website.

Block code injection or remote code-inclusion attacks: Recognize and disrupt attacks that exploit a web application's interface to the underlying operating system and result in the unwanted execution of arbitrary code or harmful commands, such as the download of a malicious payload.

Cookie Tampering Protection and Encryption: Protect against cookie theft, poisoning, inaccuracies, and Cross-Site Cooking via encryption and exclusion.

Rate Limiting for Custom Rules: Track the rate at which a custom rule, or rule chain, is being matched to block dictionary attacks or brute force attacks.

Web server Fingerprint Protection: Defend against web server fingerprinting attacks that identify web application software, its version and the platform that help hackers exploit vulnerabilities reported in the software.

Web services/API protection: Prevent exposure of the valuable information contained within web services and APIs.

API Support: Give administrators the ability to monitor and orchestrate WAF operations programmatically without using the management web interface.

CMS platform protection: Use custom rules with virtual patching to neutralize new vulnerabilities found in popular CMS tools, such as WordPress, Joomla, and Documentum.

Denial of Service Protection: Rate-limiting and bandwidth throttling of traffic to web applications for Denial of Service (DoS) protection of web applications.

Automatic Signature Updates: Periodic automated updates of signatures based on research from Capture Labs of new and emerging web application threats.

Web Application Profiling: Unique profiling engine that monitors known good activity against a web application to establish a baseline and automatically generates WAF rules for that web application. Supports the use of trusted IP addresses for baselining.

Custom Rules & Error Response: Ability to create custom rules based on application-specific logic along with creation of rule-chains for serialized logic. Customizable block pages and error messages when rules are matched.

Botnet Filtering & Remediation: Botnet filtering based on geography, explicit IP addresses/ranges and leveraging built-in threat intelligence integration. Support for remediation via captchas for each type of botnet filter. Also supports creation of blacklists and whitelists.

HTTP Strict Transport Security (HSTS) Support: Policy mechanism to force browser and app connections to use HTTPS encryption for secured web communication and data exchange. This helps protect against protocol downgrade attacks and cookie hijacking.

Let's Encrypt service: Integrated with the Let's Encrypt service for easy SSL/TLS certificate life-cycle management. This includes issuing, monitoring, renewing and decommissioning certificates.

Authentication with MFA support: Authentication of users to websites and URLs with existing authentication services offered by the website or by injecting an explicit authentication mechanism of its own. These mechanisms can also be stacked (e.g. 2FA, OTP) for multi-factor authentication to sensitive web pages.

Capture Advanced Threat Protection

Multi-engine sandboxing: The multi-engine sandbox platform, which includes virtualized sandboxing, full system emulation, and hypervisor level analysis technology, executes suspicious code and analyzes behavior, providing comprehensive visibility to malicious activity.

Real-Time Deep Memory Inspection (RTDMI): This patent-pending cloud-based technology detects and blocks malware that does not exhibit any malicious behavior and hides its weaponry via encryption. By forcing malware to reveal its weaponry into memory, the RTDMI engine proactively detects and blocks mass-market, zero-day threats and unknown malware.

Block until verdict: To prevent potentially malicious files from entering the network, files sent to the cloud for analysis can be held at the gateway until a verdict is determined.

Broad file type and size analysis: Supports analysis of a broad range of file types, including executable programs (PE), DLL, PDFs, MS Office documents, archives, JAR, and APK plus multiple operating systems including Windows, Android, Mac OS X and multi-browser environments.

Rapid deployment of signatures: When a file is identified as malicious, a signature is immediately deployed to firewalls with SonicWall Capture ATP subscriptions and Gateway Anti-Virus and IPS signature databases and the URL, IP and domain reputation databases within 48 hours.

Secure Application Delivery

Secure Web Application Offloading: Deployed as a Reverse Proxy to offload application front-ending. Also includes the ability to auto-logout user sessions after specific inactivity periods.

SSL Inspection: Built-in support for both HTTP and SSL/TLS traffic, with the ability to receive SSL/TLS traffic and forward as HTTP to web applications. Ability to import and store SSL certificates with support to broker Certificate Signing Requests (CSRs) and CRL validation.

Layer-7 Load Balancing: Easy-to-use load-balancing features with session persistence, customizable logic and failover support that also delivers web application health monitoring.

Web Application Acceleration: Leverage a combination of content caching, content compression and network bandwidth optimization to deliver accelerated website experiences.

Management

Web Portal & Command Line Interface: Familiar web portal for GUI-based administration with customizable look and feel including logos (for Service Providers). Additional support also for CLI-based administration.

Administrator Authentication: Support for multiple forms of administrator authentication including MS Active Directory, LDAP, RADIUS and Certificate-based authentication. Includes password strength enforcement and role-based authorization.

Software Updates: Automated software updates from SonicWall Cloud that are automatically downloaded and applied for all licensed WAFs.

Monitoring & Reporting

Logging & Alerting: Granular logging for security, system and audit events with the flexibility to control log levels and configure log transfer via Syslog to external systems like SIEM platforms. Severity-based email alerting of events.

System Monitoring & SNMP Support: Extensive system diagnostics using debug modes and with auto-generation of Technical Support reports (TSRs). Support for 3rd party monitoring using SNMP with easily downloadable MIBs.

Dashboards & Reports: Intuitive dashboards for Top Web Security & Botnet Threats, Latest Alerts and for Web Application Health and Performance. Comparative dashboards against global threat status with Capture Labs support. Downloadable reports in PDF format.

Platforms & Licenses

Platforms: Delivered as a virtual appliance that can be deployed on private cloud hypervisors VMware and MS Hyper-V, as well as public clouds AWS and MS Azure. For AWS and Azure, the Bring-Your-Own-License model is supported.

License Model: Procured as a Subscription License with a termed entitlement of use and includes 24x7 Support Services. Available in different “models” based on capacity and in single-year and multi-year SKUs.

Ordering Information

PRODUCT | SKU
SonicWall WAF for 1 PRO Website 10 GB Monthly With 24x7 Support 1-year | 02-SSC-0851
SonicWall WAF for 1 PRO Website 10 GB Monthly With 24x7 Support 3-year | 02-SSC-0852
SonicWall WAF for 1 Small Website 50 GB Monthly With 24x7 Support 1-year | 02-SSC-0854
SonicWall WAF for 1 Small Website 50 GB Monthly With 24x7 Support 3-year | 02-SSC-0853
SonicWall WAF for 1 Medium Website 200 GB Monthly With 24x7 Support 1-year | 02-SSC-0856
SonicWall WAF for 1 Medium Website 200 GB Monthly With 24x7 Support 3-year | 02-SSC-0855
SonicWall WAF for 1 Large Website 500 GB Monthly With 24x7 Support 1-year | 02-SSC-0858
SonicWall WAF for 1 Large Website 500 GB Monthly With 24x7 Support 3-year | 02-SSC-0857

About Us

SonicWall has been fighting the cybercriminal industry for over 27 years, defending small, medium-sized businesses and enterprises worldwide. Our combination of products and partners has enabled an automated real-time breach detection and prevention solution tuned to the specific needs of the more than 500,000 organizations in over 215 countries and territories, so you can do more business with less fear. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

SonicWall, Inc.
1033 McCarthy Boulevard
Milpitas, CA 95035
Refer to our website for additional information.
www.sonicwall.com

© 2018 SonicWall Inc. ALL RIGHTS RESERVED. SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners.

[Figure labels: SonicWall Web Application Firewall; Application Load Balancing; Data Protection; DoS Protection; Content updates based on threat research; Submitting files for sandboxing; HTTP/SSL deep packet inspection; Application delivery controller; Signature-based exploit prevention; Web application profiling engine; Custom Rules & Patterns]