Of Billions and Trillions: firewalls, threats and SonicWall's thriving business

Last Updated: Tue, Apr 16, 2019 11:49 hrs

There is more to SonicWall than merely providing firewalls and security tools that make business a safe proposition for the enterprise. Security certainly is no longer an afterthought, but SonicWall’s curious story does not end there.

The company seems to be doing what the likes of Motorola could not. Similar to Motorola, SonicWall has changed promoters thrice. Sreekanth Ravi and Sudhakar Ravi, brothers of Indian origin, formed Sonic Systems in the late 90s. Dell acquired Sonic in early 2012. In 2016, Dell exited SonicWall.

Motorola had a similar story. It was acquired by Google and later sold to Lenovo. But Motorola has been struggling.

Unlike Motorola, SonicWall seems to have spent the last eighteen months on a busy note. The company has added 54 new services and products, including the commencement of a unified threat detection tool.

SonicWall also has a great opportunity up its sleeve. With a rising number of threats being detected per minute, it need not sell security as that bitter pill. In an interaction with Sairaj Iyer of Sify.com, Robert (Bob) Vankirk, Chief Revenue Officer, and Debashish Mukherjee, Country Manager, India and SAARC, at SonicWall explain some of these threats, the business landscape, and a few trends.

Edited Excerpts:

Sify.com: You say that the past 18 months were busy: 54 new products and services. What powered this acceleration?

Robert (Bob) Vankirk, Chief Revenue Officer: It definitely starts by listening to the customer. We have an incredible CEO who has a true sense of where the market is going. Alongside, we have an incredible and highly focused engineering and product team.

After the divestiture, we also looked at the market and basically the customer insight on our strength areas. Our customers said they did not want multiple management plans. They definitely needed layers such as key security at perimeter, emails, and certain modules, but did not fancy managing 4-5 distinct concepts [modules]. We consolidated them and leaned on other areas.

But didn’t you already have a couple of UTM (unified threat management) tools, and those controllers for WIFI, emails, or even sandboxes? Did the portfolio during the Dell days undergo a change?

Bob: We have had remote SSL in 2008, email for about 10-12 years. For our Wireless Business, Ditto! But the key area where we focused was clubbing those into a single console. The Threat Management capability on a single dashboard is a huge value add-on.

Having a dashboard where you can see all the threats, not merely reporting but also advanced analytics, and offer key insights has taken the dashboard to a next level. Security heads do not have the time to look into 500 incident reports, but just focus on a few insights. That’s where we made the bulk of our strides over the last year and a half.

Also, we fuelled rapidly into the cloud. 

Would it be wise to say that Dell did not visualize the level of growth that SonicWall achieved in the last two years?

Bob: Dell brought some key areas including our expansion into enterprise. They also brought some key accounts. But having said that, post the divestiture, we have made tremendous gains, including growth in India, and acquiring key enterprises.

Robert (Bob) Vankirk (left), CRO with Debashish Mukherjee, Country Manager, India & SAARC. Photo by Sairaj Iyer for Sify.com

What have been the demands from some of your marquee customers such as the Federal Reserve?

Debashish Mukherjee, Country Manager, India & SAARC: Be it the Federal Reserve, corporate or even SME client, they understand that security is no more a point to point solution. Also, enterprises today can tap into a great deal of insight by using our threat matrix reports. Being a 27-year-old security organization, we have a million-odd sensors across the world. This helps us offer real-time reports.

Bob: May not comment on a single entity, but can talk on demands and a few key observations. We have found some common grounds. In fact, I was impressed with some of the new threat vectors like inspecting encrypted traffic, DPI-SSL. 70 percent of the internet’s traffic is encrypted, but our threat data says more attacks are coming via those encrypted channels. Traditionally, enterprises allowed that traffic to enter in. So our focus and belief is that enterprises should decrypt, inspect and then pass that traffic.

Also, we see more and more enterprises adopting not just something at the perimeter, but at multiple layers. The security is not limited to just screening ports. Also, enterprises are using multiple variants of sandboxes, something quite unusual.

What are these sensors, and is their number the largest in the industry?

Bob: These are the devices that we have implemented. Currently about 1.3 million in number, these are a combination of firewalls and solutions implemented in at least 200-300 thousand customer points. These sensors constantly call home, provide the latest and updated information on an hourly basis. The insights are related to new attacks and threat vectors.

Mukherjee: This is the largest number of data points. A central machine scans the data sent in by these sensors. Using machine learning algorithms, we generate different signatures to protect other customers. Our reports are based on those data-sets.

On top of them, we have already added RTDMI (Real-Time Deep Memory Inspection technology), then the encrypted traffic on non-standard ports.

Billions & Trillions: Key trends from SonicWall Cyber Threat Report:

  • 3.9 trillion intrusion attempts
  • 10.52 billion malware attacks blocked in 2018.
  • 217.5 per cent increase in IoT attacks in 2018
  • The company blocked 2.8 million encrypted malware attacks in 2018, a 27% y-o-y increase.
  • 11% increase in ransomware attacks
  • 56% increase in web app attacks
  • New Vulnerabilities: Spoiler, PortSmash, Foreshadow, Meltdown and Spectre. SonicWall’s Real-Time Deep Memory Inspection (RTDMI) technology identified 74,290 never-seen-before attacks in 2019.

What are the common narratives and complaints that you get from CIOs these days?

Bob: CIOs want a more unified approach in governance. They want easy management and reporting tools. Obviously, they don’t want to manage silos. They also want security platforms to offer personalized risk meters. For instance, things such as how many threats were detected and eliminated on a daily basis.

How has marketing changed in recent times? Do brands still sell and market security as that bitter pill to stay secure?

Bob: It differs from client to client. But then, there is also a value that CXOs observe and evaluate these days. The customized journeys that we build for our customers are also a compelling point for them to consider. Besides that, there is a large awareness that SonicWall is known for higher security application. Great price point and very high security. Other factors include ease of use.

For example, we offer the Zero Touch feature on our firewalls. There are multiple customers with thousands of sites to install a firewall. When we shipped a firewall, these customers had to manually register and configure each firewall at each of those sites. Today, those firewalls ship to the site, and technology teams don’t need someone highly technical. We have made those firewalls plug and play.

The system automatically registers the firewall. Besides ease, this is also a cost-saving activity as teams don’t have to spend precious man-hours travelling and configuring. It also makes sense for SME businesses, since they may not have large dedicated technology teams.

We are implementing a similar capability for our next generation anti-virus tool. With our new access points, shipping in May, customers need to only scan access points to automatically register across a floor plan. Then, we have a WIFI planner that a customer or partner can actually map out on a floor plan, and easily dedicate access points across multiple locations.

Would it be wiser to imply that an increase in AI or ML may be inversely proportional to the kind of threat vectors we observe today?

Bob: Artificial intelligence and machine learning are the future. As we speak, 1 billion-odd malware attacks were reported last week. There is absolutely no way that even a large company can address that.

Having said that, ML and AI depend on high-volume data. The more the data, the better it is to track and push new signatures to thwart attacks.

Certainly those 1.3 million sensors have helped us raise our bar as well as meet that vision two years ago on becoming an automated tool. Of the potential malwares detected, 70% are certified good or bad within less than 2 seconds. For a human to achieve that speed is a huge ask.

Tell us a bit about your research and development centers in Shanghai, US and Bengaluru.

Bob: Bengaluru is the largest employee base outside of the US. Half of that is engineering and the other half is our tech support. Engineering works in tandem with support. India is key to SonicWall’s engineering and support standpoint. Also, there is a lot of reliance and inter-dependence between the teams.

What is RTDMI: According to SonicWall’s press release, the RTDMI technology "detects and blocks malware that does not exhibit any malicious behavior and hides its weaponry via encryption. By forcing malware to reveal its weaponry into memory, the RTDMI engine proactively detects and blocks mass-market, zero-day threats and unknown malware".