Datasheet

The design, implementation and deployment of modern network architectures, such as virtualization and cloud, continue to be a game-changing strategy for many organizations. Virtualizing the data center, migrating to the cloud, or a combination of both, demonstrates significant operational and economic advantages. However, vulnerabilities within virtual environments are well-documented. New vulnerabilities are discovered regularly that yield serious security implications and challenges. To ensure applications and services are delivered safely, efficiently and in a scalable manner, while still combating threats harmful to all parts of the virtual framework including virtual machines (VMs), application workloads and data must be among the top priorities.

The SonicWall Network Security virtual (NSv) firewall series helps security teams reduce these types of security risks and vulnerabilities, which can cause serious disruption to your business-critical services and operations. NSv nextgeneration virtual firewalls integrate two advanced security technologies to deliver cutting-edge threat prevention that keeps your network one step ahead. SonicWall’s patent-pending Real-Time Deep Memory Inspection (RTDMI™) technology enhances our award-winning multi-engine Capture Advanced Threat Protection (ATP) sandboxing service. The RTDMI engine proactively detects and blocks mass market, zero-day threats and unknown malware by inspecting directly in memory. Because of the real-time architecture, SonicWall RTDMI technology is precise, minimizes false positives, and identifies and mitigates sophisticated attacks where the malware’s weaponry is exposed for less than 100 nanoseconds. In combination, SonicWall’s patented* single-pass Reassembly-Free Deep Packet Inspection (RFDPI®) engine examines every byte of every packet, inspecting both inbound and outbound traffic on the firewall.

*U.S. Patents 7,310,815; 7,600,257; 7,738,380; 7,835,361; 7,991,723

The NSv series delivers the automated real-time breach detection and prevention organizations need by utilizing innovative deep learning technologies in the SonicWall Capture Cloud Platform. This platform delivers cloud-based threat prevention and network management plus reporting and analytics for organizations of any size. This platform consolidates threat intelligence gathered from multiple sources including our Capture ATP, as well as more than 1 million SonicWall sensors located around the globe. By leveraging the SonicWall Capture Cloud Platform in addition to capabilities including intrusion prevention, antimalware and web/URL filtering, the NSv series blocks even the stealthiest threats at the gateway.

NSv is easily deployed and provisioned in a virtual environment, typically between virtual networks (VNs) or virtual private clouds (VPCs). This allows it to capture communications and data exchanges between virtual machines for automated breach prevention, while establishing stringent access control measures for data confidentiality and VM safety and integrity. Security threats (such as crossvirtual-machine or side-channel attacks, common network-based intrusions, and application and protocol vulnerabilities) are neutralized successfully through SonicWall’s comprehensive suite of security inspection services¹. All VM traffic is subjected to multiple threat analysis engines, including intrusion prevention, gateway anti-virus and antispyware, cloud anti-virus, botnet filtering, application control and Capture ATP multi-engine sandboxing with RTDMI technology.

Segmentation Security

For optimal effectiveness against Advanced Persistent Threats (APTs), network security segmentation must apply an integrated set of dynamic, enforceable barriers to advanced threats. With segment-based security capabilities, NSv can group similar interfaces and apply the same policies to them, instead of having to write the same policy for each interface. By applying security policies to the inside of the VN, segmentation can be configured to organize network resources into different segments, and allow or restrict traffic between those segments. This way, access to critical internal resources can be strictly controlled.

NSv automatically enforces segmentation restrictions based upon dynamic criteria, such as user identity credentials, geoIP location and the security stature of mobile endpoints. For extended security, NSv is also capable of integrating multi-gigabit network switching into its security segment policy and enforcement. It directs segment policy to traffic at switching points throughout the network, and globally manages segment security enforcement from a single pane of glass.

Since segments are only as effective as the security that can be enforced between them, NSv applies intrusion prevention system (IPS) to scan incoming and outgoing traffic on the VLAN segment to enhance security for internal network traffic. For each segment, it enforces a full range of security services on multiple interfaces based on enforceable policy.

Flexible Deployment Use Cases

With infrastructure support for high availability implementation, NSv fulfills scalability and availability requirements of Software Defined Data Centers. It ensures system resiliency, service reliability, and regulatory conformance. Optimized for broad range of public, private and hybrid deployment use cases, NSv can adapt to service-level changes and ensure VMs and their application workloads and data assets are available, as well as secure. It can do it all at multiGbps speed with low latency.

Organizations gain all the security advantages of a physical firewall, with the operational and economic benefits of virtualization. This includes system scalability, operation agility, provisioning speed, simple management and cost reduction.

The NSv series is available in multiple virtual flavors carefully packaged for a broad range of virtualized and cloud deployment use cases. Delivering multigigabit threat prevention and encrypted traffic inspection performance, the NSv series adapts to capacity-level increases and ensures VN and VPC safety. The series also ensures application workloads and data assets are available as well as secure.

Govern Centrally

NSv deployments can be centrally managed either on premises with SonicWall Global Management System (GMS²), or with Capture Security Center², SonicWall’s open, scalable cloud security management, monitoring, reporting and analytics platform delivered as a costeffective as-a-service offering.

Capture Security Center gives the ultimate in visibility, agility and capacity to govern the entire SonicWall virtual and physical firewall ecosystem with greater clarity, precision, and speed – all from a single pane of glass.

Flexible Licensing

NSv supports Bring Your Own License (BYOL) and Pay As You Go (PAYG) licensing. The BYOL license for NSv can be purchased directly from SonicWall, a partner or reseller. Whereas, PAYG license is purchased directly from the AWS Marketplace. This type of license is a usage-based license wherein payment is made as per usage on an hourly or annual basis.

GMS provides a holistic approach to security governance, compliance and risk management