Already have a quote?
Challenge us to...
...beat any equivalent competitor or SonicWall price!
SonicWall Partner
Advanced Protection Service Suite (APSS)
Address the network security challenges for organisations of all sizes
Through a combination of cloud-based and on-box technologies APSS delivers the complete SonicWall security suite that’s been validated by independent third party testing for its extremely high security effectiveness.
APSS includes:
Content Filtering Service (CFS), Capture Advanced Threat Protection (CATP), Gateway AntiVirus (GAV), Intrusion Prevention Service (IPS), Application Control, DNS Security, 24x7 support, 7 day reporting and analytics, cloud management (with "Network Security Manager"), hardware warranty and cyber insurance.
Interested in full management by SonicWall?
Consider this option to offload your firewalls to SonicWall directly. Check out MPSS
APSS is included in all hardware with a subscription (typically 1,2 or 3 year duration). Any firewall product with the title "Total Secure Advanced", "Secure Upgrade Advanced" indicates that the APSS subscription is included. This full security suite includes:
Intrusion Prevention
| Feature | Description |
|---|---|
| Countermeasure-based protection | Tightly integrated intrusion prevention system (IPS) leverages signatures and other countermeasures to scan packet payloads for vulnerabilities and exploits, covering a broad spectrum of attacks and vulnerabilities. |
| Automatic signature updates | The SonicWall Threat Research Team continuously researches and deploys updates to an extensive list of IPS countermeasures that covers more than 50 attack categories. The new updates take immediate effect without any reboot or service interruption required. |
| Intra-zone IPS protection | Bolsters internal security by segmenting the network into multiple security zones with intrusion prevention, preventing threats from propagating across the zone boundaries. |
| Botnet command and control (CnC) detection and blocking | Identifies and blocks command and control traffic originating from bots on the local network to IPs and domains that are identified as propagating malware or are known CnC points. |
| Protocol abuse/anomaly | Identifies and blocks attacks that abuse protocols as they attempt to sneak past the IPS. |
| Zero-day protection | Protects the network against zero-day attacks with constant updates against the latest exploit methods and techniques that cover thousands of individual exploits. |
| Anti-evasion technology | Tightly integrated intrusion prevention system (IPS) leverages signatures and other countermeasures to scan packet payloads for vulnerabilities and exploits, covering a broad spectrum of attacks and vulnerabilities. |
| Countermeasure-based protection | Extensive stream normalisation, decoding and other techniques ensure that threats do not enter the network undetected by utilising evasion techniques in Layers 2-7. |
| Extensive list of IPS Signatures | Over 10,000 IPS Signatures associated with protection against exploits targeting software vulnerabilities. ( Some signatures associated with protection against exploits targeting software vulnerabilities are located under GAV and AntiSpyware services.) |
Capture Advanced Threat Protection
| Feature | Description |
|---|---|
| Multi-engine sandboxing | The multi-engine sandbox platform, which includes virtualised sandboxing, full system emulation and hypervisor level analysis technology, executes suspicious code and analyzes behavior, providing comprehensive visibility to malicious activity. |
| Real-Time Deep Memory Inspection (RTDMI™) | SonicWall RTDMI is a patent-pending technology and process utilized by the SonicWall Capture Cloud to identify and mitigate even the most insidious modern threats, including future Meltdown exploits. It even detects and blocks malware that does not exhibit any malicious behavior and hides its weaponry via encryption. |
| Block until verdict | To prevent potentially malicious files from entering the network, files sent to the cloud for analysis can be held at the gateway until a verdict is determined. |
| Broad file type analysis | Supports analysis of a broad range of file types, including executable programs (PE), DLL, PDFs, MS Office documents, archives, JAR and APK plus multiple operating systems including Windows, Android, Mac OS and multi-browser environments. |
| Rapid deployment of signatures | When a file is identified as malicious, a signature is immediately deployed to firewalls with SonicWall Capture ATP subscriptions and Gateway Anti-Virus and IPS signature databases and the URL, IP and domain reputation databases. |
Gateway Protection (GAV and Anti-Malware)
| Feature | Description |
|---|---|
| Gateway anti-malware | The RFDPI engine scans all inbound, outbound and intra-zone traffic for viruses, Trojans, key loggers and other malware in files of unlimited length and size across all ports and TCP streams. |
| Capture Cloud malware protection | A continuously updated database of tens of millions of threat signatures resides in the SonicWall cloud servers and is referenced to augment the capabilities of the onboard signature database, providing RFDPI with extensive coverage of threats. |
| Around-the-clock security updates | New threat updates are automatically pushed to firewalls in the field with active security services, and take effect immediately without reboots or interruptions. |
| Bi-directional raw TCP inspection | The RFDPI engine scans raw TCP streams on any port and bi-directionally to detect and prevent both inbound and outbound threats. |
| Extensive protocol support | Identifies common protocols such as HTTP/S, FTP, SMTP, SMBv1/v2 and others, which do not send data in raw TCP. Decodes payloads for malware inspection, even if they do not run on standard, well-known ports. |
Application Intelligence and Control
| Feature | Description |
|---|---|
| Application control | Controls applications, or individual application features that are identified by the RFDPI engine against a continuously expanding database of over thousands of application signatures. This increases network security and enhances network productivity. |
| Custom application identification | Controls custom applications by creating signatures based on specific parameters or patterns unique to an application in its network communications. This helps gain further control over the network. |
| Application bandwidth management | Application bandwidth management granularly allocates and regulates available bandwidth for critical applications (or application categories), while inhibiting nonessential application traffic. |
| Granular control | Controls applications (or specific components of an application) based on schedules, user groups, exclusion lists and a range of actions with full SSO user identification through LDAP/AD/Terminal Services/Citrix integration. |
Content Filtering
| Feature | Description |
|---|---|
| Reputation-based content filtering | Restrict and control the web content an Internet user is able to access. Reputation-based content filtering provides a reputation score that forecasts the security risk of a URL. |
| Inside/outside content filtering | Enforce acceptable use policies and block access to HTTP/HTTPS websites containing information or images that are objectionable or unproductive with Content Filtering Service and Content Filtering Client. |
| Enforced content filtering client | Extends policy enforcement to block internet content for Windows, Mac OS, Android and Chrome devices located outside the firewall perimeter. |
| Granular control | Blocks content using any combination of categories. Filtering can be scheduled by time of day, such as during school or business hours, and applied to individual users or groups. |
| Web caching | URL ratings are cached locally on the SonicWall firewall so that the response time for subsequent access to frequently visited sites is only a fraction of a second. |
| Local CFS Responder | Local CFS Responder can be deployed as a virtual appliance in private clouds based on VMWare or Microsoft Hyper-V. This provides deployment flexibility option (Light weight VM) of CFS ratings database in various customer network use cases that require a dedicated on premise solution that speeds up CFS ratings request and response times, supports large number of allowed/blocked URL list (+100K), and adds up to 1000 SonicWall firewalls for CFS rating lookups. |
What's on offer
Available on all generation firewalls
SonicProtect is available for any firewall model that is still within it's support period.Eligible for any security service status
No matter the status of your current security service license—whether inactive, expired, or at any tier—you can subscribe to SonicProtect.Simple activation process
Activating a SonicProtect license follows the same straightforward process as renewing your Firewall key.Interested?
Check out the SonicProtect subscriptions.
Or contact us
sales@sonicwallsecurity.co.uk
+44 (0)20 8589 7840