DATASHEET

SonicWall Analytics
Transforming data into actionable insights

SonicWall Analytics transforms firewall traffic data into actionable insights across users, applications and networks to help mitigate security risks with greater precision and speed, all through a single interface. Built using high-performance architecture, the analytic engine enriches a massive amount of raw data across thousands of firewall nodes at scale to give stakeholders complete visibility and security transparency via an executive dashboard.

Analytics creates visual and knowledge representations of the datasets by using various forms of semantic graphs and time-use charts and tables to help reduce data silos and analyst fatigue. With added drill-down capabilities, security responders can investigate and zero in on critical data points to expose hidden risks for early intervention, as well as take evidence-backed policy actions against risky user activities as they unfold in the discovery process.

With comprehensive visibility and control, security analysts see everything everywhere to become better risk managers, while responders can focus their valuable time and effort on orchestrating rapid response actions across the applications and users that matter most instead of reacting to every event.

Analytics scales and performs at cloud-agility and -elasticity to meet even the most demanding enterprise requirements.

Learn more about SonicWall Analytics: www.sonicwall.com/analytics

HIGHLIGHTS

Business
• Gain full security transparency
• Get real-time snapshot of the security posture
• Fulfill internal compliance obligations
• Conduct accurate cyber-defense planning and budgeting
• Reduce CAPEX and OPEX

Operational
• Understand security metrics easily at-a-glance
• Spark insights from every network and user event and alert
• Establish accurate defensive policy actions
• Scale and perform at cloud-agility and -elasticity

Security
• Uncover hidden risks
• Enable early intervention
• Respond timely to unsafe users' activities
• Help analysts become better risk managers
• Turn responders into better problem solvers

See Everything Everywhere

Analytics gives you a comprehensive view of your entire SonicWall security environment at the tenant, group, or device level. The executive dashboard provides static and near-real-time risk monitoring and analysis of all network traffic and data communication that passes through the firewall ecosystem. All log data is recorded, aggregated, contextualized, and presented in a meaningful and easily consumable way that empowers you to discover, interpret, triage, and take necessary defensive responses based on data-driven insight.

Analytics comes with a broad range of pre-defined reports that can be delivered on-demand or on a regular schedule. It also allows you the flexibility to custom-build reports with values and metrics chosen from an extensive library of firewall data types, allowing you to assemble and logically extract valuable insights from specific devices across selected groups or tenants.

Custom reports help declutter data funnels, giving decision-makers and responders clearer visibility and actionable intel from smaller but higher-quality data sets for traffic analysis and for discovering security gaps and anomalies. They can now zoom to the right analytics, make informed decisions, and take timely policy actions based on reliable data.

Figure 1.0 Executive Dashboard

Understand Your Risk

Drill-down and pivoting capabilities enable you to further examine specific patterns and trends associated with ingress/egress traffic, application usage, user and device access, threat actions, and more with confidence. Using a mix of endpoint, network, user and application reporting and analytics, you can proactively analyze or respond to alerts, anomalies, and risky user activities. With full security transparency, you will gain situational awareness to find security risks, orchestrate policy actions, drive consistent security enforcement and continuously monitor the results across your environment.

Optimize Workforce Productivity

User Analytics gives a broad and transparent view of your workforce's web application and internet usage activities. Drill-down capabilities enable analysts to pivot and investigate data points of interest and establish evidence-backed policy-controlled measures for risky users and applications as they unfold in the discovery process.

In addition, Productivity Reports provide insights into employees' internet utilization and behavior over a specified period. They generate powerful snapshots or detailed reports that classify users' web activities into productivity groups such as productive, unproductive, acceptable, unacceptable, or custom-defined groups, helping organizations better understand and control internet usage.

Flexible deployment with SaaS, virtual or IaaS options

Analytics gives you flexible deployment choices that will best suit your operational requirements. For a maintenance-free experience, Analytics is integrated into SonicWall's Network Security Manager (NSM) SaaS offering hosted by SonicWall and is accessible over the internet. The SaaS option gives you unlimited elasticity to scale on-demand while lowering your operational cost.
The typical hardware and software acquisition, custom installation, regular maintenance and upgrades, asset depreciation, and retirement costs are removed and replaced with one low, predictable yearly subscription cost.

For total system control and compliance, you can deploy Analytics on-prem as software installed on your choice of virtual platform, such as VMware. You benefit from all the operational and economic benefits of virtualization, including system scalability, speed of system provisioning and cost reduction.

Figure 2.0 Threat Summary

Feature Summary

Feature: Description

User analytics: Show a comprehensive view of the workforce's network, application and threat activities via an interactive dashboard. It lets you granularly drill down on historical records to establish evidence-backed policy-controlled measures against risky user web activities.

Application traffic analytics: Provide organizations with powerful insight into application traffic, bandwidth utilization and security threats, while providing powerful troubleshooting and forensics capabilities.

Security analytics: Get real-time visibility with rapid threat detection. Enable security analysts and incident responders to hunt, identify and investigate issues.

Real-time dynamic visualization: Through a single pane of glass, security analysts can perform deep drill-down investigative and forensic analysis of security data with greater precision and speed.

Rapid detection and remediation: Investigative capabilities to chase down unsafe activities and to swiftly manage and remediate risks by taking measured actions.

Productivity Reports: Provide insights into the organization's internet resource utilization. They generate powerful snapshots and drill-down reports on users' internet access behavior.

Custom reports: Self-guided workflow to custom-build reports with selected values and metrics chosen from a library of firewall data types.

Tenant- and Group-level reports: Allow users to view pre-defined or custom reports at the device-group or tenant level.

VPN Reports: Summarize what company resources are being used in the VPN tunnel, how much bandwidth they are consuming and who (i.e., username and IP address) uses that traffic. Network admins can leverage this information for monitoring business-critical applications, controlling or shaping traffic and planning for capacity growth.

Flow analytics and reports: Provide a flow reporting agent for application traffic analytics and usage data through IPFIX or NetFlow protocols for real-time and historical monitoring. Offers administrators an effective and efficient interface to visually monitor their network in real-time, providing the ability to identify applications and websites with high bandwidth demands, view application usage per user and anticipate attacks and threats encountered by the network.
• A Real-Time Report screen with one-click filtering
• A Top Flows Dashboard with one-click View By buttons
• A Flow Reports screen with additional flow attribute tabs
• A Flow Analytics screen with powerful correlation and pivoting features
• A Session Viewer for deep drill-down of individual sessions and packets

Comprehensive graphical reports: Provide visibility into firewall threats, bandwidth usage, employee productivity, suspicious network activity and application traffic analysis.

Syslog reporting (Only for Analytics 2.5): Streamline data summarization, allowing for near real-time reporting of incoming Syslog messages. Direct access to the underlying raw data further facilitates extensive granular capabilities and highly customizable reporting.

Scheduled reports: Provide a single entry point for all scheduled reports. One report can combine charts and tables for multiple units. Reports can be scheduled and sent out in various formats to one or more analysts.

At-a-glance reporting: Offer customizable views to illustrate multiple summary reports on a single page. Users can easily navigate through vital network metrics to analyze data quickly across a variety of reports.

Multi-threat reporting: Collect information on attacks, providing instant access to threat activities detected by SonicWall firewalls using the SonicWall Capture ATP, Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention and Application Intelligence and Control security services.

New Attack intelligence: Report on specific types of attacks, intrusion attempts and the source address of the attack to enable administrators to respond quickly to ongoing threats.

Rogue Wireless Access Point Reporting: Show all wireless devices in use as well as rogue behavior from ad-hoc or peer-to-peer networking between hosts and accidental associations for users connecting to neighboring rogue networks.

Capture ATP Report: Provide an at-a-glance threat analysis dashboard and reports, which detail the analysis results for files sent to the service, including source, destination and a summary plus details of malware action once detonated.

Botnet Report: Include four report types: Attempts, Targets, Initiators, and Timeline containing attack vector contexts such as Botnet ID, IP Addresses, Countries, Hosts, Ports, Interfaces, Initiator/Target, Source/Destination, and User.

Geo IP Report: Contain information on blocked traffic that is based on the traffic's country of origin or destination. Includes four report types: Attempts, Targets, Initiators, and Timeline containing attack vector context such as Botnet ID, IP Addresses, Countries, Hosts, Ports, Interfaces, Initiator/Target, Source/Destination, and User.

Centralized logging: Offers a central location for consolidating security events and logs of all managed appliances, providing a single point to conduct network forensics.

Cloud-Native Architecture: Collect, combine, process, reprocess, extract, correlate and load massive amounts of queried data from tens of thousands of firewall nodes at cloud-speed and -elasticity.

Minimum System Requirements

For SonicWall Analytics in SaaS mode via Network Security Manager:

Supported SonicWall appliances include:
• SonicWall Network Security Appliances: NSA Series, NSa Series, TZ Series appliances, SOHO-W, SOHO 250, SOHO 250W
• SonicWall Network Security Virtual Appliances: NSv10 to NSv400

Supported SonicWall firmware
• SonicWall SonicOS 6.0 or higher

Internet browsers
• Microsoft® Internet Explorer 11.0 or higher (do not use compatibility mode)
• Mozilla Firefox 37.0 or higher
• Google Chrome 42.0 or higher
• Safari (latest version)

For SonicWall Analytics on-premises deployment:

Virtual appliance
• Hypervisor: VMware ESXi v5.5 / v6.0 / v6.5 / v6.7, Microsoft Hyper-V Win 2016
• Recommended RAM: Unlimited (8 GB minimum)
• Hard disk: Base OVA 65 GB, need external mount
• vCPU: 4/unlimited
• Network Interface: 1
• VMware Compatibility Guide

Supported SonicWall firmware
• SonicWall SonicOS 6.0 or higher

Supported SonicWall appliances include:
• SonicWall Network Security Appliances: NSsp, SuperMassive E10000 and 9000 Series, NSA Series, NSa Series, TZ Series appliances, SOHO-W, SOHO 250, SOHO 250W
• SonicWall Network Security Virtual Appliances: NSv Series

Licensing and Packaging

| Features | SaaS Analytics for NSM Essential | SaaS Analytics for NSM Advanced | On-premises Analytics | On-premises Analytics |
|---|---|---|---|---|
| Reporting | | | | |
| Log Protocol | Proprietary [1] | Netflow/IPFIX based [1] | Netflow/IPFIX based [1] | Syslog based [1] |
| Group/Tenant Level Dashboard | Yes | Yes | No | No |
| Capture ATP (Device Level) | Yes | Yes | Yes | Yes |
| Capture Threat Assessment (CTA) - Device Level | Yes | Yes | Yes | No |
| Productivity Reports [3] | No | Yes | No | No |
| VPN Reports | No | Yes | No | Yes |
| Custom Report | No | Yes | Yes | Yes |
| Schedule Report (Flow, Syslog, CTA or Management) | Yes (exclude Flow) | Yes | Yes | Yes |
| Days of reporting data | 7 days (basic reporting) | 365 days (complete reporting) | As per log rate, disk size and license [4] | Up to 36 months [5] |
| Analytics | | | | |
| Days of analytics data | No | 30 days | As per log rate, disk size and license [4] | Up to 36 months [5] |
| User-based analytic | No | Yes | Yes | Yes |
| Application analytics | No | Yes | Yes | Yes |
| Network forensic and threat hunting using drill-down and pivots | No | Yes | Yes | Yes |
| Technical Support | 24x7 support | 24x7 support | 24x7 support [2] | 24x7 support [2] |

[1] Requires AGSS/CGSS service or any paid Capture Security Center service
[2] Requires a 24x7 support license
[3] Requires AGSS/CGSS license enabled on Generation 6/6.5 Firewalls, Essential Protection license on Generation 7 Firewalls
[4] Analytics and reporting data stored on system depends on aggregated log rate, available disk space and applied license
[5] Maximum number of days are user configurable