Choosing the Best Firewall for SMB and Branch Office

Improving security and connectivity for the distributed workforce with next-generation firewalls.

Today’s businesses – large and small – need firewalls that meet best practice security, connectivity, and performance requirements. This brief examines useful criteria for selecting a next-generation firewall for small offices and branch locations, such as the SonicWall TZ570/670, for meeting these needs at a budget-friendly price point.

Firewalls play an intrinsic role in an SD-Branch network. They should simplify deployment, management, and troubleshooting at the branch and mobile-first sites. Organizations require a firewall that can be used as an integrated gateway security solution that provides firewalling, switching, and wireless capabilities.

Optimally, it would consolidate the essential networking and security features needed to connect and protect a network, connected devices, IoT, and data in a single, low-cost solution. Firewalling, switching, and wireless access would all be featured on the firewall appliance. With limited available technical staff resources, features such as zero-touch deployment, automatic failover, and single-pane-of-glass management are crucial.

Stopping Advanced Threats

The use of Transport Layer Security/Secure Sockets Layer (TLS/SSL) to encrypt web traffic and connections has risen sharply. According to the 2020 SonicWall Cyber Threat Report, SonicWall Capture Labs threat researchers recorded 3.7 million malware attacks sent over TLS/SSL traffic, a 27.3 percent year-over-year increase. Many firewall appliances do not have the capability or processing power to responsibly detect, inspect and mitigate cyberattacks sent via HTTPS traffic. Instead of performing well only with unencrypted connections, an effective firewall should handle a very high number of encrypted web connections and perform deep packet inspection with a minimal performance impact.

A firewall should protect against more advanced threats such as unknown and zero-day using advanced sandboxing to send suspicious files to the cloud for analysis before rendering a verdict. A practical sandboxing component should execute suspicious code and analyze behavior, provide visibility into malicious activity while resisting evasion tactics and maximizing zero-day threat detection. Ideally, it should detect and block malware by forcing it to reveal its weaponry even into memory.

Download this document for a complete perspective on choosing the best firewalls for your SMB and Branch Offices.