Specification Sheet

Features
RFDPI engine
Feature Description
Reassembly-Free Deep Packet Inspection This high-performance, proprietary and patented inspection engine performs stream-based bi-directional traffic
analysis, without proxying or buffering, to uncover intrusion attempts and malware and to identify application traffic
regardless of port.
Bi-directional inspection Scans for threats in both inbound and outbound traffic simultaneously to ensure that the network is not used to
distribute malware, and does not become a launch platform for attacks in case an infected machine is brought inside.
Single-pass inspection A single-pass DPI architecture simultaneously scans for malware, intrusions and application identification, drastically
reducing DPI latency and ensuring that all threat information is correlated in a single architecture.
Stream-based inspection Proxy-less and non-buffering inspection technology provides ultra-low latency performance for deep packet
inspection of simultaneous network streams without introducing file and stream size limitations, and can be applied
on common protocols as well as raw TCP streams.
Capture Advanced Threat Protection
Multi-Engine Sandboxing The multi-engine sandbox platform, which includes virtualized sandboxing, full system emulation, and hypervisor
level analysis technology, executes suspicious code and analyzes behavior, providing comprehensive visibility to
malicious activity.
Broad File Type Analysis Supports analysis of a broad range of file types, including executable programs (PE), DLL, PDFs, MS Office
documents, archives, JAR, and APK plus multiple operating systems including Windows, Android, Mac OSX and
multi-browser environments.
Rapid Deployment of Signatures When a file is identified as malicious, a signature is immediately deployed to firewalls with SonicWALL Capture
subscriptions and GRID Gateway Anti-Virus and IPS signature databases and the URL, IP and domain reputation
databases within 48 hours.
Block Until Verdict To prevent potentially malicious files from entering the network, files sent to the cloud for analysis can be held at the
gateway until a verdict is determined.
Intrusion prevention
Feature Description
Countermeasure-based protection Tightly integrated intrusion prevention system (IPS) leverages signatures and other countermeasures to scan packet
payloads for vulnerabilities and exploits, covering a broad spectrum of attacks and vulnerabilities.
Automatic signature updates The SonicWall Threat Research Team continuously researches and deploys updates to an extensive list of IPS
countermeasures that covers more than 50 attack categories. The new updates take immediate effect without any
reboot or service interruption required.
Intra-zone IPS protection Bolsters internal security by segmenting the network into multiple security zones with intrusion prevention, preventing
threats from propagating across the zone boundaries.
Botnet command and control (CnC) detection and blocking Identifies and blocks command and control traffic originating from bots on the local network to IPs and domains that
are identified as propagating malware or are known CnC points.
Protocol abuse/anomaly Identifies and blocks attacks that abuse protocols in an attempt to sneak past the IPS.
Zero-day protection Protects the network against zero-day attacks with constant updates against the latest exploit methods and
techniques that cover thousands of individual exploits.
Anti-evasion technology Extensive stream normalization, decoding and other techniques ensure that threats do not enter the network
undetected by utilizing evasion techniques in Layers 2-7.
Threat prevention
Feature Description
Gateway anti-malware The RFDPI engine scans all inbound, outbound and intra-zone traffic for viruses, Trojans, key loggers and other
malware in files of unlimited length and size across all ports and TCP streams.
CloudAV malware protection A continuously updated database of over 17 million threat signatures resides in the SonicWall cloud servers and is
referenced to augment the capabilities of the onboard signature database, providing RFDPI with extensive coverage
of threats.
Around-the-clock security updates New threat updates are automatically pushed to firewalls in the field with active security services, and take effect
immediately without reboots or interruptions.
SSL decryption and inspection Decrypts and inspects SSL traffic on the fly, without proxying, for malware, intrusions and data leakage, and applies
application, URL and content control policies in order to protect against threats hidden in SSL encrypted traffic.
Included with security subscriptions for all models except SOHO. Sold as a separate license on SOHO.
Bi-directional raw TCP inspection The RFDPI engine is capable of scanning raw TCP streams on any port bi-directionally, preventing attacks that try to
sneak by outdated security systems that focus on securing a few well-known ports.
Extensive protocol support Identifies common protocols such as HTTP/S, FTP, SMTP, SMBv1/v2 and others, which do not send data in raw TCP,
and decodes payloads for malware inspection, even if they do not run on standard, well-known ports.