The NSS Labs Report for Next Generation Firewalls was released earlier this year. Our Senior Security Consultant, Elliott Abraham, gives his professional opinion about the report and Dell SonicWall’s performance. Watch the video below.

The NSS Labs Report is an independent study testing Next Generation Firewalls (NGFW) against their vendors’ specifications, and it is a comparative analysis of security effectiveness and value. Value was measured by the total cost of ownership per protected Mbps (megabits per second), and the testing revealed that Dell SonicWall was among the top performers, coming out with a ‘Recommended’ rating for the fourth year in a row. Dell Sonicwall had a 97.9% security effectiveness rate and $15.46 TCO (total cost of ownership) per protected Mbps. Dell SonicWall also surpassed its vendor-claimed performance. Dell SonicWall rates its device at 12 Gbps. However in the study, Dell SonicWall was rated at 16,395 Mbps by NSS. The study clearly shows the great performance and value that Dell SonicWall delivers as a top-of-the-line NGFW.

Our security engineer, Elliott, perfectly describes the performance of Dell SonicWall. He describes it by saying, “It simply works.” When compared with competitors, such as CheckPoint and Palo Alto, SonicWall is simply a better option for a number of reasons. The study revealed that SonicWall is a better value than other NGFW options. The combination of having an above average security effectiveness rate of 97.5% and a value of $15.46 TCO per protected Mbps can’t be beat.

SonicWall provides a unique capability that Elliott describes in the video as “Actionable Intelligence.” Other NGFWs are able to show customers what is actually going on in their network and display all the threats and vulnerabilities that exist. However, SonicWall takes it one step further and is able to not only show what is going on in the network, but enable users to seamlessly act on those risks.  size. Other NGFW have a file size limit and, as a result, have to fragment the packets in order to perform deep packet inspection, which gives Lastly, Sonicwall provides patented reassembly free deep packet inspection. Again, this capability isn’t new. SonicWall is able to inspect every byte of every packet regardless of filemalware and other threats an opportunity to pass through uninspected. SonicWall prevents this by providing patented reassembly free deep packet inspection regardless of file size.

NSS Labs NGFW Study proves that Dell SonicWall is an exceptional firewall for any network. In this ever-changing technology landscape, threats are evolving every day. SonicWall is purposely built to protect customers against these threats.

Video Transcription

I’m Elliott Abraham, and I am the Senior Security Consultant for ADAPTURE Technology Group. The 2014 NSS Labs Report for Next Generation Firewalls was recently released, and our partner Dell SonicWall was recommended again for the fourth year in a row.

My customers ask me, “hey Elliot, were you surprised that SonicWall performed so well on the recent NSS Labs Report?” No, I wasn’t at all.

Not only does SonicWall have the ability to show you what’s actually going on on your network, what threats and vulnerabilities exist but it also gives you the ability to seamlessly act on mitigating those risks. We call this feature “actionable intelligence.” Actionable intelligence is simply the ability for a customer to not only see the traffic that’s going on, malicious or otherwise that’s traversing their firewall, but it also gives them the ability to quickly and seamlessly act on those risks as they see them.

With SonicWall, on the application monitor in the dashboard, in four simple clicks, whether an application is a rogue application going across your network or whether it’s a bandwidth consuming user, in four short clicks, you can easily control the bandwidth or block the application all together.

When I deployed this product for my customers, many of them had used other products, many well-known products, many that I have been certified with years and years and years. After using SonicWall, they found out that SonicWall just works.

One of the reasons why SonicWall works so well is because of its patented reassembly free deep packet inspection. Now that’s a mouthful. When I first read it, I thought it was just marketing, but it really works. The way reassembly free deep packet inspection works is that, regardless of file size, every bite of every packet that goes through the firewall is inspected for malware, viruses, trojans, botnets, etc. Everything is inspected by the reassembly free deep packet inspection engine.

Now, deep packet inspection is nothing new. Since the advent of stateful packet inspection firewalls, the next iteration thereof was deep packet inspection where the firewall looked deeper into the body of the packet as it’s going through to find out that there’s more malicious content down there inside of the body and not just in the header of the packet.

But the way SonicWall distinguishes itself is that SonicWall is fixed every single bite of every single packet. Now several other vendors, they tout their deep packet inspection, but if you read the fine print, you’ll find out that there is a size limitation to the size of file that is going to be inspected as it’s going through the firewall.

So the question is: what happens when I reach that theoretical size limit? What happens is this: the firewall then has to fragment the packet so that it can inspect just the size of the file that it needs to go through the firewall. But what if the malicious payload is in the portion of that packet that was fragmented, and it went through uninspected?

It’s real simple of the other side, on the client, it’s real simple, and it’s put together in its final form. And the virus or malware or trojan or what-have-you is still intact. In this ever-changing threat landscape, we’re seeing everyday new threats emerge, whether it’s the SSL Version 3.0 vulnerability, code name POODLE, whether it’s Heartbleed which ravaged the industry again with SSL, or whether it’s the Shellshock vulnerability, SonicWall is purposely built to protect our customers from these threats.

This is something that I am very passionate about, and I’ve watched the industry. And year after year after year, SonicWall has been a sonic performer. Was I surprised in Palo Alto underperformed, and SonicWall surpassed Palo Alto? No, I wasn’t. Palo Alto is great in their marketing. They have probably the best marketing of any firewall vendor in the industry hands down. That’s no secret. Everybody knows that, but at three o’ clock in the morning, when my network is burning down and there’s a virus and malware that’s running rampant on my network and I need to act of this thing fast, which firewall do I really want my engineers to turn to?

For me, in my 25 years of IT experience, I want to turn to something that has actual intelligence, that I can see the threat as it’s occurring and act on it very quickly in four short clicks. So I’m not surprised that SonicWall outperformed Palo Alto. Palo Alto? Great marketing. But SonicWall? Great performance.