December 11, 2019 By BlueAlly
Firewalls are the workhorse of network security and are especially adept at mitigating advanced threats like malware, ransomware and encrypted threats. Firewall appliances must, however, be regularly upgraded to stay ahead of cybercriminals.
Still running an older SonicWall NSA or E series model? Consider these 10 reasons to upgrade to the latest mid-range SonicWall NSa next-generation firewall.
Stop the Most Advanced Threats
Advanced persistent threats move with great speed and veracity, and are designed to target and infiltrate all businesses and organizations.
However, a cloud-based, multi-engine sandbox, such as the SonicWall Capture Advanced Threat Protection (ATP) service, provides real-time security against advanced cyberattacks, including ‘never-before-seen’ ransomware, malware and side-channel attacks. Each day, Capture ATP subscribers discover and stop more than 1,000 new attacks each business day.
Why upgrade: SonicWall Capture ATP is only available for the NSA/NSa 2600 and newer next-generation firewalls, as well as the current TZ and NSsp product lines (sixth generation or newer). This service is not available for legacy SonicWall firewalls, including some NSA and E Series models (usually silver in color with the old blue SonicWall logo).
Inspect Traffic without Slowing Performance
You should never be put into a position to choose between security and performance. With bandwidth-hungry apps woven into our everyday lives — SaaS apps, video streaming and social media — firewalls with faster deep packet inspection (DPI) are better at securing networks without greatly affecting performance.
In fact, through the first three quarters of 2019, SonicWall registered 3.1 million encrypted attacks. This marked a 58% year-over-year increase from 2018.
Faster DPI performance gives businesses greater capacity to utilize higher internet speeds and support more concurrent users without ever sacrificing security.
Why upgrade: For example, NSa 2650 delivers a 25% DPI-SSL performance improvement over the NSA 2600. SonicWall NSa 2650 and newer firewalls (e.g., 2650-9650) offer significantly faster DPI performance than their predecessors, the NSA 2600-9600 range, E Series models and other older appliances.
Inspect TLS/SSL Traffic without Increasing Costs
The majority of web traffic is encrypted today. Without proper security controls in place, TLS/SSL encryption standards provide cybercriminals easy access to your network.
That’s why deep packet inspection of encrypted traffic (DPI for TLS/SSL) is mandatory. Some firewall vendors, unfortunately, upcharge for proper TLS/SSL inspection capabilities or simply don’t offer the capability at all. Unfortunately, inspecting TLS/SSL traffic also takes compute power and organizations need a firewall that can process TLS-encrypted traffic without hurting performance.
Why upgrade: The latest SonicWall NSa firewalls include the DPI-SSL license (by default) to inspect encrypted traffic at no additional cost, thereby reducing capital expense. Unfortunately, older-generation NSA firewalls (usually silver in color with our old logo) do not support inspection of encrypted traffic.
Expand Remote Branch/Site Security
For organizations with remote and branch locations, such as retail POS businesses, the ability to create a larger number of site-to-site VPN tunnels to connect distributed networks together and securely share data is essential. But not all firewalls have the capability or capability to make this happen.
Why upgrade: By moving to the latest NSa firewall series, your organization can secure more remote branches, services and devices. This is particularly powerful for distributed enterprises, retail organizations, etc. The NSa 2650, for example, enables the creation of 4x more site-to-site VPN tunnels than the NSA 2600 (1,000 vs. 250).
Support More High-Speed Wi-Fi Connections
Fast and secure Wi-Fi is a requirement in today’s hyper-connect world. Today’s wireless standard, 802.11ac, delivers the performance, range and reliability of high-speed wireless technology for a safe and fast user experience.
In a properly secured environment, wireless access points must be paired with a firewall that can support 802.11ac wireless standards.
But newer firewalls can support more connections, too. The option to connect a larger number of wireless access points to a single firewall enables organizations to extend their wireless network farther without purchasing additional hardware.
Why upgrade: Combine the latest NSa series next-generation firewall with a SonicWall SonicWave 802.11ac Wave 2 wireless access point to create a high-speed wireless network security solution.
NSa series firewalls and SonicWave 400 series wireless access points both feature 2.5 Gigabit Ethernet ports that can support multi-gigabit wireless throughput, which is available in the 802.11ac Wave 2 wireless standard. In addition, you can connect more wireless access points to the latest NSa firewall. The NSa 2650, for example, supports 1.5x the number of connected SonicWave wireless access points as the NSA 2600 (48 vs. 32).
Unfortunately, legacy NSA and older firewalls (as well as those on SonicOS 5.x or older firmware) do not offer multi-gigabit ports to accommodate the faster throughput supported by Wave 2 wireless standard.
Decrease Support Costs
Single sign-on (SSO) technology helps secure your environment, as well as employees, to be more productive and helps shrink IT support costs (e.g., tickets, calls, etc.) by enabling users to safely gain access to connected systems with a single ID and password.
Simply, the more users who can access a system with a single ID, the fewer support calls, IT tickets and complaints that will be generated. This self-service approach means real savings to your business or enterprise.
Why upgrade: The NSa 2650, for example, allows a larger population of users
(40,000 vs. 30,000) to benefit from the use of SSO compared to the legacy NSA 2600. This disparity widens the further you go up the product line.
Increase Network Capacity
With increased network bandwidth requirements from apps, video streaming and social media, faster DPI and DPI-SSL performance provides a secure network without performance degradation.
Faster DPI performance also provides organizations with a greater capacity to utilize higher internet speeds and support more concurrent users. A higher number of concurrent connections provides greater scalability by enabling more simultaneous user sessions to be active and protected by the firewall.
Why upgrade: The NSa 2650 enables 500,000 deep packet inspection (DPI) connections and up to 100,000 deep packet inspection of TLS/SSL-encrypted (DPI-SSL) connections compared to the 250,000 for DPI and 1,000 for DPI-SSL on the NSA 2600 and older models, such as the NSA 220 (32,000 for DPI).
Boost Memory for Added Users, Logs & Policies
The number of users who require security on your network grows by the day. Unfortunately, the on-board memory of legacy firewalls can only support a finite footprint of users on the network.
Advanced NSa firewalls offer more onboard memory to allow for more rules and policies, users and log messages to be stored on the firewall, making reporting easily accessible.
Why upgrade: The NSa 2650 has twice the onboard memory of the NSA 2600 (4 GB vs. 2 GB) and eight times the memory of the NSA 220 (4 GB vs. 512MB). This increased capacity empowers organizations to use a single NSa firewall to protect a larger userbase with deeper and more robust rules and policies.
Ditch the Switch with More Ports
It’s time to clean up your server room or IT area. Having a greater number of ports allows organizations to connect more SonicWall devices directly to the firewall without needing to purchase a switch. In addition, organizations that require increased throughput to support bandwidth-intensive applications and data transfer need multi-gigabit ports.
Why upgrade: Newer NSa firewalls offer many more ports than their predecessors. For example, the NSa 2650 has 2.5x the number of ports as the NSA 2600 (20 vs. 8). The NSa 2650 also features eight 2.5 GbE ports while the NSA 2600 has none.
Improve Business Continuity
Many enterprises and larger organizations build in businesses continuity and disaster recovery plans in their process. Part of this is planning is ensuring there’s a contingency for as many scenarios as possible, not the least of which is power. Many legacy firewalls only offer a single power supply. Newer models offer a second power supply to ensure business continuity if one power supply fails.
Why upgrade: While the current NSa line and last-generation NSA series both include a single power supply, the NSa 2650-9650 have an additional slot to add an optional second power supply for critical redundancy.